HTTPS Everywhere Atlas

Domain: vimeocdn.com

HTTPS Everywhere currently rewrites requests to vimeocdn.com (or its subdomains).

Embedded content loaded from third-party domains (for example, YouTube, Google Analytics, ad networks, or CDNs) may also be affected. You can test this by loading the web page in question in a browser with HTTPS Everywhere installed and pulling down the HTTPS Everywhere rules menu. This will show a list of HTTPS Everywhere rules that were applied as the page was loaded, including rules that might have affected embedded content from other domains.

The stable branch contains the following rules that are disabled by default (so very few users' browsing is likely to be affected by their action): 

<!--
	CDN buckets:

		- av.vimeo.com.edgesuite.net

			- a808.g.akamai.net

		- pdl.vimeocdn.com.edgesuite.net

			- a1189.g.akamai.net


	Problematic subdomains:

		- av	(pdl.../crossdomain.xml restricts to port 80)
		- pdl	(works, akamai)


	Partially covered subdomains:

		- developer	(some pages redirect to http)
		- pdl		(&#8594; akamai)


	Fully covered subdomains:

		- (www.)
		- secure


Default off per https://trac.torproject.org/projects/tor/ticket/7569 --><ruleset name="Vimeo (default off)" default_off="breaks some video embedding">

	<target host="vimeo.com"/>
	<target host="*.vimeo.com"/>
		<exclusion pattern="^http://av\.vimeo\.com/crossdomain\.xml"/>
		<!--exclusion pattern="^http://developer\.vimeo\.com/($|\?|(apps|guidelines|help|player)($|[?/]))" /-->
		<exclusion pattern="^http://developer\.vimeo\.com/(?!apis(?:$|[?/])|favicon\.ico)"/>
	<target host="*.vimeocdn.com"/>
		<!--
			Uses crossdomain.xml from s3.amazonaws.com, which sets secure="false"

				https://mail1.eff.org/pipermail/https-everywhere/2012-October/001583.html
			-->
		<exclusion pattern="^http://a\.vimeocdn\.com/p/flash/moogaloop/"/>

		<!--	We cannot secure streams because crossdomain.xml
			restricts to port 80 :(
						-->
		<exclusion pattern="^http://pdl\.vimeocdn\.com/(?!crossdomain\.xml)"/>


	<!--	Tracking cookies:
					-->
	<securecookie host="^\.(?:player\.)?vimeo\.com$" name="^__utm\w$"/>


	<rule from="^http://((?:developer|player|secure|www)\.)?vimeo\.com/" to="https://$1vimeo.com/"/>

	<rule from="^http://av\.vimeo\.com/" to="https://a248.e.akamai.net/f/808/9207/8m/av.vimeo.com/"/>

	<!--	a & b: Akamai	-->
	<rule from="^http://(?:secure-)?([ab])\.vimeocdn\.com/" to="https://secure-$1.vimeocdn.com/"/>

	<rule from="^http://i\.vimeocdn\.com/" to="https://i.vimeocdn.com/"/>

	<rule from="^http://pdl\.vimeocdn\.com/" to="https://a248.e.akamai.net/f/1189/4415/8d/pdl.vimeocdn.com/"/>

</ruleset>

Vimeo.xml    File a bug

The development branch contains the following rules that are disabled by default (so very few users' browsing is likely to be affected by their action):

<!--
	Other Vimeo rulesets:

		- Vimeo_Pro.com.xml


	CDN buckets:

		- av.vimeo.com.edgesuite.net

			- a808.g.akamai.net

		- pdl.vimeocdn.com.edgesuite.net

			- a1189.g.akamai.net


	Problematic subdomains:

		- av	(pdl.../crossdomain.xml restricts to port 80)
		- pdl	(works, akamai)


	Partially covered subdomains:

		- developer	(some pages redirect to http)
		- pdl		(&#8594; akamai)


	Fully covered subdomains:

		- (www.)
		- secure

	
	Insecure cookies are set for these hosts:

		- vimeo.com
		- www.vimeo.com


Default off per https://trac.torproject.org/projects/tor/ticket/7569 --><ruleset name="Vimeo (default off)" default_off="breaks some video embedding">

	<target host="vimeo.com"/>
	<target host="*.vimeo.com"/>
		<exclusion pattern="^http://av\.vimeo\.com/crossdomain\.xml"/>
		<!--exclusion pattern="^http://developer\.vimeo\.com/($|\?|(apps|guidelines|help|player)($|[?/]))" /-->
		<exclusion pattern="^http://developer\.vimeo\.com/(?!apis(?:$|[?/])|favicon\.ico)"/>
	<target host="*.vimeocdn.com"/>
		<!--
			Uses crossdomain.xml from s3.amazonaws.com, which sets secure="false"

				https://mail1.eff.org/pipermail/https-everywhere/2012-October/001583.html
			-->
		<exclusion pattern="^http://a\.vimeocdn\.com/p/flash/moogaloop/"/>

		<!--	We cannot secure streams because crossdomain.xml
			restricts to port 80 :(
						-->
		<exclusion pattern="^http://pdl\.vimeocdn\.com/(?!crossdomain\.xml)"/>


	<!--	Not secured by server:
					-->
	<!--securecookie host="^(?:www\.)?vimeo\.com$" name="^clip_test_v2$" /-->

	<!--	Tracking cookies:
					-->
	<securecookie host="^\.(?:player\.)?vimeo\.com$" name="^__utm\w$"/>


	<rule from="^http://((?:developer|player|secure|www)\.)?vimeo\.com/" to="https://$1vimeo.com/"/>

	<rule from="^http://av\.vimeo\.com/" to="https://a248.e.akamai.net/f/808/9207/8m/av.vimeo.com/"/>

	<!--	a & b: Akamai	-->
	<rule from="^http://(?:secure-)?([ab])\.vimeocdn\.com/" to="https://secure-$1.vimeocdn.com/"/>

	<rule from="^http://i\.vimeocdn\.com/" to="https://i.vimeocdn.com/"/>

	<rule from="^http://pdl\.vimeocdn\.com/" to="https://a248.e.akamai.net/f/1189/4415/8d/pdl.vimeocdn.com/"/>

</ruleset>

File a bug

The HTTPS Everywhere developers welcome corrections and updates to rules. Please see our developer information and documentation of the ruleset format. If filing a bug in the Tor Project's Trac bug tracker, you can use the shared username and password cypherpunks / writecode; please ensure that the bug is marked as applying to HTTPS Everywhere.

Information current as of:


current release 94ec7b6 2015-12-21 11:26:25 -0600;
next release f233a81 2015-12-27 17:05:17 -0800;