<p>This page describes how to write rulesets for <a href="https://eff.org/https-everywhere">HTTPS Everywhere</a>, the Firefox plugin that switches sites over from http to https automatically. HTTPS Everywhere comes with <a href="http://www.eff.org/https-everywhere/atlas/">thousands</a> of rulesets, but you might want to edit them, or write new ones. Rulesets are simple xml files. Here is a simplified version of <a href="https://gitweb.torproject.org/https-everywhere.git/blob/HEAD:/src/chrome/content/rules/Twitter.xml"><tt>Twitter.xml</tt></a>, from the plugin distribution:</p><pre>&lt;ruleset name="Twitter"&gt;

&lt;target host="www.twitter.com" /&gt;

&lt;target host="twitter.com" /&gt;

&lt;rule from="^http://(www\.)?twitter\.com/" to="https://twitter.com/"/&gt;

&lt;/ruleset&gt;</pre><p>The "target" tag specifies which domains the ruleset might apply to. The target host tag does not use regular expressions. The content of a target tag should be the actual name of a web server to which the ruleset applies or partially applies, like <tt>www.eff.org</tt>, <tt>www.google.com</tt>, <tt>secure.wikimedia.org</tt>, and so on. If your rule applies to the bare domain (like "eff.org", not just "www.eff.org"), you need an additional target tag to say so. For example, the sample ruleset above is meant to apply to either <tt>www.twitter.com</tt> or <tt>twitter.com</tt>, so it has a separate target tag for each. A target may, however, contain a wildcard in one portion of the domain (like <tt>*.google.com</tt> or <tt>google.*</tt>, but <tt>*.google.*</tt> would not work). A wildcard on the left will match arbitrarily deep subdomains (for instance, <tt>*.facebook.com</tt> will match <tt>s-static.ak.facebook.com</tt>).Exception: currently this is not true for a target host that is less than three levels deep. <tt>&lt;target host="*.com"&gt;</tt> would match <tt>thing.com</tt> but not <tt>very.thing.com</tt>. We would consider changing that if anybody needs to use it. The "rule" does the actual rewriting work. The "from" and "to" clauses in each rule are <a href="http://www.regular-expressions.info/javascript.html">JavaScript regular expressions</a>. You can use them to rewrite URLs in more complicated ways. Here's a simplified (and now obsolete) example for Wikipedia:</p><pre>&lt;ruleset name="Wikipedia"&gt;

&lt;/ruleset&gt;</pre><p>Platform is a space-delimited list of platforms on which the ruleset works. Currently anticipated values are "firefox", "chromium", "mixedcontent", "cacert" and "ipsca". The "mixedcontent" value is important, and should be used for sites that render badly in Chrome because that browser <a href="https://trac.torproject.org/projects/tor/ticket/6975">blocks HTTP content from loading in HTTPS pages</a> by default. If the platform attribute is present, but does not match the current platform, the ruleset will be treated as off-by-default. <strong>Update (12/12/13)</strong>: Firefox 23+ has enabled mixed content blocking by default. As a result, many rules that were previously labeled "firefox" should now be labeled "mixedcontent." <a name="downgrade"></a></p><h3>HTTPS-&gt;HTTP downgrade rules</h3><p>By default, HTTPS Everywhere will refuse to allow rules that would downgrade a URL from HTTPS to HTTP. Occasionally, this has turned out to be necessary because when HTTPS Everywhere is active some sites write broken relative links to HTTPS resources on their own domains that are not actually available over HTTPS. If you want to have a <tt>&lt;rule&gt;</tt> like that (<a href="https://gitweb.torproject.org/pde/https-everywhere.git/blob/4.0:/src/chrome/content/rules/BBC.xml">here's an example</a>), it will need a downgrade="1" attribute to make sure you really meant it, and to facilitate auditing of the ruleset library.</p>