[willnorris]

Somewhat confusingly, pulse.cio.gov lists senate.gov as supporting HTTPS with an 'A' from SSL Labs. While that is of course technically correct, it doesn't tell the full story, since no actual content is served over HTTPS.

Would it be worth trying to update pulse.cio.gov to detect cases like this? That's non-trivial to do in a reliable automated fashion, but seems like it might be worth the effort?

[konklone]

Yeah, I'm torn on it. It's clearly not the right information. But one of the benefits of an automated approach is that everyone's being treated equally, and people can't complain about unfair treatment.

In the case of the Senate, their current configuration prevents them from using HSTS or enforcing HTTPS, so the other columns will still show as lacking.