Skip to content
JavaScript Python Shell ApacheConf CSS HTML Makefile
Find file
Latest commit 64ac7cd @2d1 [Bugzilla] Don't rewrite from https
Not our problem unless we cause links to
Failed to load latest commit information.
addon-sdk @ 12f7d53 Add semicolon.
apache Add instructions to lower LogLevel
cert-validity/mozilla clobber backslashes in filenames that prevent Windows users from chec…
chromium Release updates for version 5.0development.3
hooks Merged in 'origin/master' with changes from schoen.
https-everywhere-checker @ a044bd1 Restore some rules flagged by the fetch test.
https-everywhere-tests Document manual tests to run before release.
image-src Smaller jpg files
rewriter Fixes from review feedback.
src [Bugzilla] Don't rewrite from https
utils [duplicate whitelist] Add and
.build_exclusions Exclude another stray file
.gitmodules Add automated coverage testing.
.travis.yml Skip xargs in
LICENSE.txt Add URI.js to LICENSE.txt
Makefile Have "make clean" remove default.rulesets and rulesets.sqlite Clarify instructions on running ruleset tests. Restore some rules flagged by the fetch test. fails after cloning Only show "Add a rule" on HTTPS sites. Improve validation.
requirements.txt Add a travis.yml
rules Add a top-level 'rules' symlink. Fixed a reg-exp example in Escape HTML tags in Remove nounbound. Merge branch 'better-change-detection' into fix-aws Fix deterministic builds.

HTTPS Everywhere Build Status

Getting Started

Get the packages you need and install a git hook to run tests before push:


Run the tests for the Firefox version:


Run the latest code and rulesets in a standalone Firefox profile:

bash --justrun

Run the latest code and rulesets in a standalone Chromium profile:


Build the Firefox extension as a .xpi package:


Build the Chromium extension as a .crx package:


Both of the build commands store their output under pkg/.

Precommit Testing

One can run the available test suites automatically by enabling the precommit hook provided with:

ln -s ../../hooks/precommit .git/hooks/pre-commit

Source Tree

This is the source tree for HTTPS Everywhere for Firefox and Chrome.

Important directories you might want to know about

src/                      The Firefox source

chromium/                 The Chromium/Chrome source
                          (not to be confused with Firefox browser "chrome" or UI)

src/components            |
src/chrome/content        | Firefox JavaScript and XUL code
src/chrome/content/code   |

src/chrome/content/rules  The rulesets live here

Hacking on the Source Code

The current stable release series is 4.0. The current development release series is 5.0. Each release series is represented by a branch with the major and minor version numbers, e.g. 4.0 or 5.0. This branch is updated during the lifecycle of the release series. Specific releases are represented as tags with the full version number, e.g. 4.0.0 or 5.0development.0.

If you are making a bug fix to the current stable release, you should work off of the stable branch, 4.0. If you are adding features or improving functionality, work off of master. The maintainers will merge master into the development series branch periodically. We will also occasionally merge ruleset fixes from master into the stable branch if the ruleset is important (i.e. a popular or high-security site), or if the version in stable is clearly broken.

To submit changes, either use pull requests on GitHub or email patches to (rulesets) or (code).

Writing rulesets

HTTPS Everywhere consists of a large number of rules for switching sites from HTTP to HTTPS. You can read more about how to write these rules here:

If you want to create new rules to submit to us, we expect them to be in the src/chrome/content/rules directory. That directory also contains a useful script, make-trivial-rule, to create a simple rule for a specified domain. There is also a script called, to check all the pending rules for several common errors and oversights. For example, if you wanted to make a rule for the domain, you could run

bash ./make-trivial-rule

inside the rules directory. This would create, which you could then take a look at and edit based on your knowledge of any specific URLs at that do or don't work in HTTPS. You should then run


to make sure that your rule is free of common mistakes.

Writing translations

If you would like to help translate HTTPS Everywhere into your language, you can do that through the Tor Project's Transifex page:

Bug trackers and mailing lists

We currently have two bug trackers. The one on Github ( is recommended because it gets checked more frequently and has a friendlier user interface. The one on ( has a large backlog of bugs at this point, but it has the advantage of allowing you to post bugs anonymously using the "cypherpunks" / "writecode" account. (Note that you won't see replies unless you put an email address in the CC field.)

We have two publicly-archived mailing lists: the https-everywhere list ( is for discussing the project as a whole, and the https-everywhere-rulesets list ( is for discussing the rulesets and their contents, including patches and git pull requests.


There are some very basic unittests under https-everywhere-tests/. These are run with


Please help write more unittests and integration tests!

There are also ruleset tests, which aim to find broken rulesets by actually loading URLs in a browser and watching for Mixed Content Blocking to fire. The easiest way to run ruleset tests is to load a standalone Firefox instance with the tests enabled:

bash --justrun

Then click the HTTPS Everywhere icon on the toolbar, and click "Run HTTPS Everywhere Ruleset Tests." When you run the tests, be prepared to let your computer run them for a really long time.

Something went wrong with that request. Please try again.