For a year or so I've been running a Chrome extension I wrote, which tracks which origins my Chrome makes the most http:// requests to, in an effort to make my https:// advocacy more data driven. Websites that top this list are disrespectful of my privacy and show no regard for whether bytes make their way to me unmodified.
Over the past year, I've seen several websites that used to top this list migrate to https://, for example Amazon, Netflix, and the Washington Post. I commend them on making the migration and protecting my privacy!
Here are the current top 25 origins which receive the most http:// requests, grouped by brand. If you work for one of these sites, offering HTTPS should be a top priority. If you're not sure why, watch this talk on MOAR TLS from earlier this year.
These sites represent the biggest opportunity to improve the percentage of requests I make which are https://, so I'm hopeful they will begin and complete the migration in the coming months!
ESPN has a lot of domains.
Sports seems to be a theme.
New York Times
While most of the New York Times site has gone https://, the daily KenKen has not yet.
Facebook itself is all https://, but this domain isn't
Hi, I'm Alex. I'm currently at a startup called Alloy. Before that I was a engineer working on Firefox security and before that at the U.S. Digital Service. I'm an avid open source contributor and live in Washington, DC.