This was a script I wrote in early 2014 for my original draft pitch for Hutpass, a startup that would provide HTTPS as a service (the same way CloudFlare would go on to do in October 2014).
It uses a compiled JSON file of all the profiles in https://github.com/opensets/domainprofiles, checking them for an "https" field.
I ended up throwing out the figure this returned in favor of using BuiltWith's figures (which were much more stark) a few days later, but it's still an interesting analysis.
| var dps = require('./domainprofiles.json'); | |
| var domains = Object.keys(dps); | |
| var notenforced = 0; | |
| var bad = 0; | |
| for(var i=0; i<domains.length; i++) { | |
| if(dps[domains[i]].https && dps[domains[i]].https != "enforced") { | |
| console.log(domains[i],dps[domains[i]].https); | |
| notenforced++; | |
| if(dps[domains[i]].https == "unsupported" | |
| || dps[domains[i]].https == "downgraded") bad++; | |
| // technically, only responding to HTTPS is still supporting HTTPS, | |
| // even though it's totally broken | |
| if(dps[domains[i]].https == "only") notenforced--; | |
| } | |
| } | |
| console.log (domains.length,notenforced,(notenforced/domains.length)*100, | |
| bad,(bad/domains.length)*100); |