  1. <!--
  2. Other Google rulesets:
  3. -
  4. - Admeld.xml
  5. -
  6. -
  7. - FeedBurner.xml
  8. -
  9. - GoogleAPIs.xml
  10. - Google_App_Engine.xml
  11. - GoogleImages.xml
  12. - GoogleShopping.xml
  13. - Ingress.xml
  14. - Meebo.xml
  15. - Orkut.xml
  16. - Postini.xml
  17. -
  18. Nonfunctional domains:
  19. - (404, valid cert)
  20. - *
  21. - (404, mismatched)
  22. - (www.) (404; mismatched, CN:
  23. - *
  24. * 404, valid cert
  25. Nonfunctional paths:
  26. - analytics (redirects to http)
  27. - imgres
  28. - gadgets *
  29. - hangouts (404)
  30. - u/ (404)
  31. * Redirects to http
  32. Problematic domains:
  33. - (404; mismatched, CN: *
  34. - subdomains:
  35. - books (googlebooks/, images/, & intl/ 404, but works when rewritten to www)
  36. - cbks0 ****
  37. - earth *
  38. - gg ($ 404s)
  39. - knoll *
  40. - scholar **
  41. - trends *
  42. - **
  43. - **
  44. - * ***
  45. **** $ 404s
  46. * 404, valid cert
  47. ** Redirects to http, valid cert
  48. *** Breaks followers widget -
  49. Partially covered domains:
  50. - google.cctld subdomains:
  51. - scholar (→ www)
  52. - subdomains:
  53. - (www.)
  54. - cbks0 ($ 404s)
  55. - gg ($ 404s)
  56. - news (→ www)
  57. - scholar (→ www)
  58. - * (*-opensocial excluded)
  59. Fully covered domains:
  60. - lh[3-6]
  61. - (www.) (www → ^)
  62. - subdomains:
  63. - accounts
  64. - adwords
  65. - apis
  66. - appengine
  67. - books (→ encrypted)
  68. - calendar
  69. - checkout
  70. - chrome
  71. - clients[12]
  72. - code
  73. - *.corp
  74. - developers
  75. - dl
  76. - docs
  77. - docs\d
  78. - \
  79. - drive
  80. - earth (→ www)
  81. - encrypted
  82. - encrypted-tbn[123]
  83. - feedburner
  84. - fiber
  85. - finance
  86. - glass
  87. - groups
  88. - health
  89. - helpouts
  90. - history
  91. - hostedtalkgadget
  92. - id
  93. - investor
  94. - knol
  95. - knoll (→ knol)
  96. - lh\d
  97. - mail
  98. - chatenabled.mail
  99. - pack
  100. - picasaweb
  101. - pki
  102. - play
  103. - plus
  104. - plusone
  105. - productforums
  106. - profiles
  107. - safebrowsing-cache
  108. - cert-test.sandbox
  109. - plus.sandbox
  110. - sb-ssl
  111. - script
  112. - security
  113. - services
  114. - servicessites
  115. - sites
  116. - spreadsheets
  117. - spreadsheets\d
  118. - support
  119. - talk
  120. - talkgadget
  121. - tbn2 (→ encrypted-tbn2)
  122. - tools
  123. - trends (→ www)
  124. -
  125. - (www.)
  126. - * (per-project subdomains)
  127. -
  128. - *
  129. -
  130. -
  131. -
  132. -
  133. XXX: Needs more testing
  134. -->
  135. <ruleset name="Google Services">
  136. <target host="*" />
  137. <target host="" />
  138. <target host="" />
  139. <target host="" />
  140. <target host="" />
  141. <target host="google.*" />
  142. <target host="*" />
  143. <target host="*" />
  144. <target host="*" />
  145. <target host="*" />
  146. <target host="*" />
  147. <target host="*" />
  148. <exclusion pattern="^http://(?:news\.)?google\.com/(?:archivesearch|newspapers)" />
  149. <target host="*" />
  150. <target host="*" />
  151. <target host="*" />
  152. <target host="*" />
  153. <target host="*" />
  154. <target host="*" />
  155. <target host="*" />
  156. <target host="*" />
  157. <target host="*" />
  158. <target host="*" />
  159. <target host="*" />
  160. <target host="*" />
  161. <target host="*" />
  162. <target host="*" />
  163. <target host="" />
  164. <target host="*" />
  165. <exclusion pattern="^http://(?:www\.)?google\.com/analytics/*(?:/[^/]+)?(?:\?.*)?$" />
  166. <!--exclusion pattern="^http://books\.google\.com/(?!books/(\w+\.js|css/|javascript/)|favicon\.ico|googlebooks/|images/|intl/)" /-->
  167. <exclusion pattern="^http://cbks0\.google\.com/(?:$|\?)" />
  168. <exclusion pattern="^http://gg\.google\.com/(?!csi(?:$|\?))" />
  169. <target host="*" />
  170. <target host="*" />
  171. <target host="*" />
  172. <target host="*" />
  173. <target host="*" />
  174. <target host="*" />
  175. <target host="*" />
  176. <target host="*" />
  177. <target host="*" />
  178. <target host="" />
  179. <target host="" />
  180. <target host="*" />
  181. <target host="" />
  182. <target host="" />
  183. <target host="" />
  184. <target host="*" />
  185. <target host="*" />
  186. <target host="" />
  187. <target host="" />
  188. <target host="*" />
  189. <!--
  190. Necessary for the Followers widget:
  192. -->
  193. <exclusion pattern="http://[^@:\./]+-opensocial\.googleusercontent\.com" />
  194. <!-- Can we secure any of these wildcard cookies safely?
  195. -->
  196. <!--securecookie host="^\.google\.com$" name="^(hl|I4SUserLocale|NID|PREF|S)$" /-->
  197. <!--securecookie host="^\.google\.[\w.]{2,6}$" name="^(hl|I4SUserLocale|NID|PREF|S|S_awfe)$" /-->
  198. <securecookie host="^(?:accounts|adwords|\.code|login\.corp|developers|docs|\d\.docs|fiber|mail|picasaweb|plus|\.?productforums|support)\.google\.[\w.]{2,6}$" name=".+" />
  199. <securecookie host="^www\.google\.com$" name="^GoogleAccountsLocale_session$" />
  200. <securecookie host="^mail-attachment\.googleusercontent\.com$" name=".+" />
  201. <securecookie host="^gmail\.com$" name=".+" />
  202. <securecookie host="^www\.gmail\.com$" name=".+" />
  203. <securecookie host="^googlemail\.com$" name=".+" />
  204. <securecookie host="^www\.googlemail\.com$" name=".+" />
  205. <!-- - lh 3-6 exist
  206. - All appear identical
  207. - Identical to lh\
  208. -->
  209. <rule from="^http://lh(\d)\.ggpht\.com/"
  210. to="https://lh$" />
  211. <rule from="^http://lh(\d)\.google\.ca/"
  212. to="https://lh$" />
  213. <rule from="^http://(www\.)?g(oogle)?mail\.com/"
  214. to="https://$1g$" />
  215. <rule from="^http://(?:www\.)?goo\.gl/"
  216. to="" />
  217. <!-- Redirects to http when rewritten to www:
  218. -->
  219. <rule from="^http://books\.google\.com/"
  220. to="" />
  221. <!-- tisp$ 404s:
  222. -->
  223. <rule from="^http://(?:www\.)?google\.((?:com?\.)?\w{2,3})/tisp(?=$|\?)"
  224. to="$1/tisp/" />
  225. <!-- Paths that work on all in google.*
  226. -->
  227. <rule from="^http://(?:www\.)?google\.((?:com?\.)?\w{2,3})/(accounts|adplanner|ads|adsense|adwords|analytics|bookmarks|chrome|contacts|coop|cse|css|culturalinstitute|doodles|earth|favicon\.ico|finance|get|goodtoknow|googleblogs|grants|green|hostednews|images|intl|js|landing|logos|mapmaker|newproducts|news|nexus|patents|policies|prdhp|profiles|products|reader|s2|settings|shopping|support|tisp|tools|transparencyreport|trends|urchin|webmasters)(?=$|[?/])"
  228. to="$1/$2" />
  229. <!-- Paths that 404 on .ccltd, but work on .com:
  230. -->
  231. <rule from="^http://(?:www\.)?google\.(?:com?\.)?\w{2,3}/(?=calendar|dictionary|doubleclick|help|ideas|pacman|postini|powermeter|url)"
  232. to="" />
  233. <rule from="^http://(?:www\.)?google\.(?:com?\.)?\w{2,3}/custom"
  234. to="" />
  235. <!-- Paths that only exist/work on .com
  236. -->
  237. <rule from="^http://(?:www\.)?google\.com/(\+|appsstatus|books|buzz|extern_js|glass|googlebooks|ig|insights|moderator|phone|safebrowsing|videotargetting|webfonts)(?=$|[?/])"
  238. to="$1" />
  239. <!-- Subdomains that work on all in google.*
  240. -->
  241. <rule from="^http://(accounts|adwords|finance|groups|id|picasaweb|)\.google\.((?:com?\.)?\w{2,3})/"
  242. to="https://$$2/" />
  243. <!-- Subdomains that only exist/work on .com
  244. -->
  245. <rule from="^http://(apis|appengine|books|calendar|cbks0|chat|checkout|chrome|clients[12]|code|[\w-]+\.corp|developers|dl|docs\d?|\d\.docs|drive|encrypted|encrypted-tbn[123]|feedburner|fiber|fonts|gg|glass||health|helpouts|history|(?:hosted)?talkgadget|investor|lh\d|(?:chatenabled\.)?mail|pack|pki|play|plus(?:\.sandbox)?|plusone|productforums|profiles|safebrowsing-cache|cert-test\.sandbox|sb-ssl|script|security|services|servicessites|sites|spreadsheets\d?|support|talk|tools)\.google\.com/"
  246. to="https://$" />
  247. <exclusion pattern="^http://clients[0-9]\.google\.com/ocsp"/>
  248. <rule from="^http://earth\.google\.com/"
  249. to="" />
  250. <rule from="^http://scholar\.google\.((?:com?\.)?\w{2,3})/intl/"
  251. to="$1/intl/" />
  252. <rule from="^http://(?:encrypted-)?tbn2\.google\.com/"
  253. to="" />
  254. <rule from="^http://knoll?\.google\.com/"
  255. to="" />
  256. <rule from="^http://news\.google\.(?:com?\.)?\w{2,3}/(?:$|news|newshp)"
  257. to="" />
  258. <rule from="^http://trends\.google\.com/"
  259. to="" />
  260. <rule from="^http://([^/:@\.]+\.)?googlecode\.com/"
  261. to="https://$" />
  262. <rule from="^http://([^\./]\.)?googlesource\.com/"
  263. to="https://$" />
  264. <rule from="^http://partner\.googleadservices\.com/"
  265. to="" />
  266. <rule from="^http://(pagead2|tpc)\.googlesyndication\.com/"
  267. to="https://$" />
  268. <!-- !www doesn't exist.
  269. -->
  270. <rule from="^http://www\.googletagservices\.com/tag/js/"
  271. to="" />
  272. <rule from="^http://([^@:\./]+)\.googleusercontent\.com/"
  273. to="https://$" />
  274. </ruleset>