[HTTPS-E Rulesets] Status of HTTPS support on Wikimedia Foundation projects

Christopher Liu cmliu00151 at gmail.com
Sat Oct 1 15:21:46 PDT 2011

To whom it may concern:

The Wikimedia Foundation has recently instituted support for HTTPS on
the same domains as HTTP for all[?] projects. The Wikipedia ruleset in
HTTPS-Everywhere should probably be updated to cover this.
(My request a couple of emails ago [titled "More ruleset comments"]
for the second-level wikisource.org domain is thus outdated. I have
tested that it does support HTTPS directly.)

secure. wikimedia. org is considered deprecated but will continue to
operate for the foreseeable future. It will eventually redirect to
project-specific domains, as stated by Ryan Lane at
, but no timetable has been given for that change.

It is probably advisable to keep the exclusions currently in the
ruleset. In addition, there are other domains that don't support valid
HTTPS and probably never will. This includes anything that doesn't run
MediaWiki software (e.g. blog.wikimedia.org , stats.wikimedia.org ,
status.wikimedia.org ) and some domains used for administration (e.g.
wikitech.wikimedia.org ). This list may not be comprehensive.

Again, thank you for your time and help.

C. Liu

More information about the HTTPS-Everywhere-Rules mailing list