merge mozilla-inbound to mozilla-central. r=merge a=merge
authorSebastian Hengst <archaeopteryx@coole-files.de>
Sun, 29 Oct 2017 12:04:25 +0200
changeset 439639 66f9b72b87297adf712b14be58df13c2333bb3a9
parent 439636 d58c5cb053be123a9ede85cabce3b060c13cf66d (diff)
parent 439638 5da48a1cd6d684bf431d7766303c8d6ad56380fc (current diff)
child 439640 cb109e3b7069fd9fc743559ba6187e22f157addc
child 439644 00596bac1073b90e4bb129e7fc777c3582be1c76
child 439677 3311f58e8915e359437f6ce1e3627667ffe1e882
push id8114
push userjlorenzo@mozilla.com
push dateThu, 02 Nov 2017 16:33:21 +0000
treeherdermozilla-beta@73e0d89a540f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmerge, merge
milestone58.0a1
first release with
nightly linux32
66f9b72b8729 / 58.0a1 / 20171029102300 / files
nightly linux64
66f9b72b8729 / 58.0a1 / 20171029102300 / files
nightly mac
66f9b72b8729 / 58.0a1 / 20171029102300 / files
nightly win32
66f9b72b8729 / 58.0a1 / 20171029102300 / files
nightly win64
66f9b72b8729 / 58.0a1 / 20171029102300 / files
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
releases
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
merge mozilla-inbound to mozilla-central. r=merge a=merge
--- a/accessible/ipc/win/HandlerProvider.cpp
+++ b/accessible/ipc/win/HandlerProvider.cpp
@@ -182,20 +182,24 @@ private:
 void
 HandlerProvider::BuildIA2Data(IA2Data* aOutIA2Data)
 {
   MOZ_ASSERT(aOutIA2Data);
   MOZ_ASSERT(NS_IsMainThread());
   MOZ_ASSERT(mTargetUnk);
   MOZ_ASSERT(IsTargetInterfaceCacheable());
 
-  RefPtr<NEWEST_IA2_INTERFACE>
-    target(static_cast<NEWEST_IA2_INTERFACE*>(mTargetUnk.get()));
+  RefPtr<NEWEST_IA2_INTERFACE> target;
+  HRESULT hr = mTargetUnk.get()->QueryInterface(NEWEST_IA2_IID,
+    getter_AddRefs(target));
+  if (FAILED(hr)) {
+    return;
+  }
 
-  HRESULT hr = E_UNEXPECTED;
+  hr = E_UNEXPECTED;
 
   auto hasFailed = [&hr]() -> bool {
     return FAILED(hr);
   };
 
   auto cleanup = [this, aOutIA2Data]() -> void {
     ClearIA2Data(*aOutIA2Data);
   };
@@ -289,17 +293,18 @@ HandlerProvider::ClearIA2Data(IA2Data& a
 {
   ::VariantClear(&aData.mRole);
   ZeroMemory(&aData, sizeof(IA2Data));
 }
 
 bool
 HandlerProvider::IsTargetInterfaceCacheable()
 {
-  return MarshalAs(mTargetUnkIid) == NEWEST_IA2_IID;
+  return MarshalAs(mTargetUnkIid) == NEWEST_IA2_IID ||
+         mTargetUnkIid == IID_IAccessibleHyperlink;
 }
 
 HRESULT
 HandlerProvider::WriteHandlerPayload(NotNull<mscom::IInterceptor*> aInterceptor,
                                      NotNull<IStream*> aStream)
 {
   MutexAutoLock lock(mMutex);
 
--- a/accessible/ipc/win/handler/AccessibleHandler.cpp
+++ b/accessible/ipc/win/handler/AccessibleHandler.cpp
@@ -23,16 +23,17 @@
 #include <objbase.h>
 #include <uiautomation.h>
 #include <winreg.h>
 
 #include "AccessibleHypertext.h"
 #include "Accessible2_i.c"
 #include "Accessible2_2_i.c"
 #include "Accessible2_3_i.c"
+#include "AccessibleHyperlink_i.c"
 
 namespace mozilla {
 namespace a11y {
 
 static mscom::Factory<AccessibleHandler> sHandlerFactory;
 
 HRESULT
 AccessibleHandler::Create(IUnknown* aOuter, REFIID aIid, void** aOutInterface)
@@ -55,16 +56,17 @@ AccessibleHandler::Create(IUnknown* aOut
   return handler->InternalQueryInterface(aIid, aOutInterface);
 }
 
 AccessibleHandler::AccessibleHandler(IUnknown* aOuter, HRESULT* aResult)
   : mscom::Handler(aOuter, aResult)
   , mDispatch(nullptr)
   , mIA2PassThru(nullptr)
   , mServProvPassThru(nullptr)
+  , mIAHyperlinkPassThru(nullptr)
   , mCachedData()
   , mCacheGen(0)
 {
   RefPtr<AccessibleHandlerControl> ctl(gControlFactory.GetOrCreateSingleton());
   MOZ_ASSERT(ctl);
   if (!ctl) {
     if (aResult) {
       *aResult = E_UNEXPECTED;
@@ -100,16 +102,39 @@ AccessibleHandler::ResolveIA2()
     // mIA2PassThru is a weak reference (see comments in AccesssibleHandler.h)
     mIA2PassThru->Release();
   }
 
   return hr;
 }
 
 HRESULT
+AccessibleHandler::ResolveIAHyperlink()
+{
+  if (mIAHyperlinkPassThru) {
+    return S_OK;
+  }
+
+  RefPtr<IUnknown> proxy(GetProxy());
+  if (!proxy) {
+    return E_UNEXPECTED;
+  }
+
+  HRESULT hr = proxy->QueryInterface(IID_IAccessibleHyperlink,
+                                     reinterpret_cast<void**>(&mIAHyperlinkPassThru));
+  if (SUCCEEDED(hr)) {
+    // mIAHyperlinkPassThru is a weak reference
+    // (see comments in AccesssibleHandler.h)
+    mIAHyperlinkPassThru->Release();
+  }
+
+  return hr;
+}
+
+HRESULT
 AccessibleHandler::MaybeUpdateCachedData()
 {
   RefPtr<AccessibleHandlerControl> ctl(gControlFactory.GetOrCreateSingleton());
   if (!ctl) {
     return E_OUTOFMEMORY;
   }
 
   uint32_t gen = ctl->GetCacheGen();
@@ -387,16 +412,18 @@ CopyBSTR(BSTR aSrc)
     assignTo = mCachedData.mData.member; \
   }
 
 #define GET_BSTR(member, assignTo) \
   { \
     assignTo = CopyBSTR(mCachedData.mData.member); \
   }
 
+/*** IAccessible ***/
+
 HRESULT
 AccessibleHandler::get_accParent(IDispatch **ppdispParent)
 {
   HRESULT hr = ResolveIA2();
   if (FAILED(hr)) {
     return hr;
   }
   return mIA2PassThru->get_accParent(ppdispParent);
@@ -704,16 +731,18 @@ AccessibleHandler::put_accName(VARIANT v
 
 HRESULT
 AccessibleHandler::put_accValue(VARIANT varChild, BSTR szValue)
 {
   // This matches AccessibleWrap
   return E_NOTIMPL;
 }
 
+/*** IAccessible2 ***/
+
 HRESULT
 AccessibleHandler::get_nRelations(long* nRelations)
 {
   HRESULT hr = ResolveIA2();
   if (FAILED(hr)) {
     return hr;
   }
   return mIA2PassThru->get_nRelations(nRelations);
@@ -961,16 +990,18 @@ AccessibleHandler::get_attributes(BSTR* 
     return mIA2PassThru->get_attributes(attributes);
   }
 
   BEGIN_CACHE_ACCESS;
   GET_BSTR(mAttributes, *attributes);
   return S_OK;
 }
 
+/*** IAccessible2_2 ***/
+
 HRESULT
 AccessibleHandler::get_attribute(BSTR name, VARIANT* attribute)
 {
   // Not yet implemented by ia2Accessible.
   // Once ia2Accessible implements this, we could either pass it through
   // or we could extract these individually from cached mAttributes.
   // The latter should be considered if traffic warrants it.
   return E_NOTIMPL;
@@ -995,16 +1026,18 @@ AccessibleHandler::get_relationTargetsOf
   HRESULT hr = ResolveIA2();
   if (FAILED(hr)) {
     return hr;
   }
   return mIA2PassThru->get_relationTargetsOfType(type, maxTargets, targets,
                                                  nTargets);
 }
 
+/*** IAccessible2_3 ***/
+
 HRESULT
 AccessibleHandler::get_selectionRanges(IA2Range** ranges, long* nRanges)
 {
   HRESULT hr = ResolveIA2();
   if (FAILED(hr)) {
     return hr;
   }
   return mIA2PassThru->get_selectionRanges(ranges, nRanges);
@@ -1018,16 +1051,18 @@ static const GUID kUnsupportedServices[]
   // Unknown, queried by Windows
   {0x8EDAA462, 0x21F4, 0x4C87, { 0xA0, 0x12, 0xB3, 0xCD, 0xA3, 0xAB, 0x01, 0xFC }},
   // Unknown, queried by Windows
   {0xacd46652, 0x829d, 0x41cb, { 0xa5, 0xfc, 0x17, 0xac, 0xf4, 0x36, 0x61, 0xac }},
   // Unknown, queried by Windows
   {0xb96fdb85, 0x7204, 0x4724, { 0x84, 0x2b, 0xc7, 0x05, 0x9d, 0xed, 0xb9, 0xd0 }}
 };
 
+/*** IServiceProvider ***/
+
 HRESULT
 AccessibleHandler::QueryService(REFGUID aServiceId, REFIID aIid,
                                 void** aOutInterface)
 {
   static_assert(&NEWEST_IA2_IID == &IID_IAccessible2_3,
                 "You have modified NEWEST_IA2_IID. This code needs updating.");
   /* We're taking advantage of the fact that we are implementing IA2 as part
      of our own object to implement this just like a QI. */
@@ -1059,27 +1094,147 @@ AccessibleHandler::QueryService(REFGUID 
     // mServProvPassThru is a weak reference (see comments in
     // AccessibleHandler.h)
     mServProvPassThru->Release();
   }
 
   return mServProvPassThru->QueryService(aServiceId, aIid, aOutInterface);
 }
 
+/*** IProvideClassInfo ***/
+
 HRESULT
 AccessibleHandler::GetClassInfo(ITypeInfo** aOutTypeInfo)
 {
   RefPtr<AccessibleHandlerControl> ctl(gControlFactory.GetOrCreateSingleton());
   if (!ctl) {
     return E_OUTOFMEMORY;
   }
 
   return ctl->GetHandlerTypeInfo(aOutTypeInfo);
 }
 
+/*** IAccessibleAction ***/
+
+HRESULT
+AccessibleHandler::nActions(long* nActions)
+{
+  HRESULT hr = ResolveIAHyperlink();
+  if (FAILED(hr)) {
+    return hr;
+  }
+  return mIAHyperlinkPassThru->nActions(nActions);
+}
+
+HRESULT
+AccessibleHandler::doAction(long actionIndex)
+{
+  HRESULT hr = ResolveIAHyperlink();
+  if (FAILED(hr)) {
+    return hr;
+  }
+  return mIAHyperlinkPassThru->doAction(actionIndex);
+}
+
+HRESULT
+AccessibleHandler::get_description(long actionIndex, BSTR* description)
+{
+  HRESULT hr = ResolveIAHyperlink();
+  if (FAILED(hr)) {
+    return hr;
+  }
+  return mIAHyperlinkPassThru->get_description(actionIndex, description);
+}
+
+HRESULT
+AccessibleHandler::get_keyBinding(long actionIndex,
+                                  long nMaxBindings,
+                                  BSTR** keyBindings,
+                                  long* nBindings)
+{
+  HRESULT hr = ResolveIAHyperlink();
+  if (FAILED(hr)) {
+    return hr;
+  }
+  return mIAHyperlinkPassThru->get_keyBinding(
+    actionIndex, nMaxBindings, keyBindings, nBindings);
+}
+
+HRESULT
+AccessibleHandler::get_name(long actionIndex, BSTR* name)
+{
+  HRESULT hr = ResolveIAHyperlink();
+  if (FAILED(hr)) {
+    return hr;
+  }
+  return mIAHyperlinkPassThru->get_name(actionIndex, name);
+}
+
+HRESULT
+AccessibleHandler::get_localizedName(long actionIndex, BSTR* localizedName)
+{
+  HRESULT hr = ResolveIAHyperlink();
+  if (FAILED(hr)) {
+    return hr;
+  }
+  return mIAHyperlinkPassThru->get_localizedName(actionIndex, localizedName);
+}
+
+/*** IAccessibleHyperlink ***/
+
+HRESULT
+AccessibleHandler::get_anchor(long index, VARIANT* anchor)
+{
+  HRESULT hr = ResolveIAHyperlink();
+  if (FAILED(hr)) {
+    return hr;
+  }
+  return mIAHyperlinkPassThru->get_anchor(index, anchor);
+}
+
+HRESULT
+AccessibleHandler::get_anchorTarget(long index, VARIANT* anchorTarget)
+{
+  HRESULT hr = ResolveIAHyperlink();
+  if (FAILED(hr)) {
+    return hr;
+  }
+  return mIAHyperlinkPassThru->get_anchorTarget(index, anchorTarget);
+}
+
+HRESULT
+AccessibleHandler::get_startIndex(long* index)
+{
+  HRESULT hr = ResolveIAHyperlink();
+  if (FAILED(hr)) {
+    return hr;
+  }
+  return mIAHyperlinkPassThru->get_startIndex(index);
+}
+
+HRESULT
+AccessibleHandler::get_endIndex(long* index)
+{
+  HRESULT hr = ResolveIAHyperlink();
+  if (FAILED(hr)) {
+    return hr;
+  }
+  return mIAHyperlinkPassThru->get_endIndex(index);
+}
+
+HRESULT
+AccessibleHandler::get_valid(boolean* valid)
+{
+  HRESULT hr = ResolveIAHyperlink();
+  if (FAILED(hr)) {
+    return hr;
+  }
+  return mIAHyperlinkPassThru->get_valid(valid);
+}
+
 } // namespace a11y
 } // namespace mozilla
 
 extern "C" HRESULT __stdcall
 ProxyDllCanUnloadNow();
 
 extern "C" HRESULT __stdcall
 DllCanUnloadNow()
--- a/accessible/ipc/win/handler/AccessibleHandler.h
+++ b/accessible/ipc/win/handler/AccessibleHandler.h
@@ -30,30 +30,32 @@ import NEWEST_IA2_IDL;
 
 #include "HandlerData.h"
 
 #include <windows.h>
 
 #if !defined(MOZILLA_INTERNAL_API)
 
 #include "Accessible2_3.h"
+#include "AccessibleHyperlink.h"
 #include "Handler.h"
 #include "mozilla/mscom/StructStream.h"
 #include "mozilla/UniquePtr.h"
 
 #include <ocidl.h>
 #include <servprov.h>
 
 namespace mozilla {
 namespace a11y {
 
 class AccessibleHandler final : public mscom::Handler
                               , public NEWEST_IA2_INTERFACE
                               , public IServiceProvider
                               , public IProvideClassInfo
+                              , public IAccessibleHyperlink
 {
 public:
   static HRESULT Create(IUnknown* aOuter, REFIID aIid, void** aOutInterface);
 
   // mscom::Handler
   HRESULT QueryHandlerInterface(IUnknown* aProxyUnknown, REFIID aIid,
                                 void** aOutInterface) override;
   HRESULT ReadHandlerPayload(IStream* aStream, REFIID aIid) override;
@@ -147,22 +149,42 @@ public:
 
   // IServiceProvider
   STDMETHODIMP QueryService(REFGUID aServiceId, REFIID aIid,
                             void** aOutInterface) override;
 
   // IProvideClassInfo
   STDMETHODIMP GetClassInfo(ITypeInfo** aOutTypeInfo) override;
 
+  // IAccessibleAction
+  STDMETHODIMP nActions(long* nActions) override;
+  STDMETHODIMP doAction(long actionIndex) override;
+  STDMETHODIMP get_description(long actionIndex, BSTR* description) override;
+  STDMETHODIMP get_keyBinding(long actionIndex,
+                              long nMaxBindings,
+                              BSTR** keyBindings,
+                              long* nBindings) override;
+  STDMETHODIMP get_name(long actionIndex, BSTR* name) override;
+  STDMETHODIMP get_localizedName(long actionIndex,
+                                 BSTR* localizedName) override;
+
+  // IAccessibleHyperlink
+  STDMETHODIMP get_anchor(long index, VARIANT* anchor) override;
+  STDMETHODIMP get_anchorTarget(long index, VARIANT* anchorTarget) override;
+  STDMETHODIMP get_startIndex(long* index) override;
+  STDMETHODIMP get_endIndex(long* index) override;
+  STDMETHODIMP get_valid(boolean* valid) override;
+
 private:
   AccessibleHandler(IUnknown* aOuter, HRESULT* aResult);
   virtual ~AccessibleHandler();
 
   HRESULT ResolveIA2();
   HRESULT ResolveIDispatch();
+  HRESULT ResolveIAHyperlink();
   HRESULT MaybeUpdateCachedData();
 
   RefPtr<IUnknown>                  mDispatchUnk;
   /**
    * Handlers aggregate their proxies. This means that their proxies delegate
    * their IUnknown implementation to us.
    *
    * mDispatchUnk and the result of Handler::GetProxy() are both strong
@@ -178,16 +200,17 @@ private:
    * must immediately Release() them to prevent these cycles.
    *
    * It is safe for us to use these raw pointers because the aggregated
    * objects's lifetimes are proper subsets of our own lifetime.
    */
   IDispatch*                        mDispatch;         // weak
   NEWEST_IA2_INTERFACE*             mIA2PassThru;      // weak
   IServiceProvider*                 mServProvPassThru; // weak
+  IAccessibleHyperlink*             mIAHyperlinkPassThru; // weak
   IA2Payload                        mCachedData;
   UniquePtr<mscom::StructToStream>  mSerializer;
   uint32_t                          mCacheGen;
 };
 
 } // namespace a11y
 } // namespace mozilla
 
--- a/browser/themes/osx/compacttheme.css
+++ b/browser/themes/osx/compacttheme.css
@@ -4,8 +4,12 @@
 
 %include ../shared/compacttheme.inc.css
 
 /* Get rid of 1px bright strip at the top of window */
 #main-window[tabsintitlebar] #titlebar-content {
   background: var(--chrome-background-color);
 }
 
+#TabsToolbar:-moz-lwtheme-darktext {
+  -moz-appearance: -moz-mac-vibrancy-light;
+  -moz-font-smoothing-background-color: -moz-mac-vibrancy-light;
+}
--- a/browser/themes/shared/compacttheme.inc.css
+++ b/browser/themes/shared/compacttheme.inc.css
@@ -70,20 +70,16 @@ toolbar[brighttext] .toolbarbutton-1 {
 /* Change the base colors for the browser chrome */
 
 #TabsToolbar,
 #browser-panel {
   background: var(--chrome-background-color);
   color: var(--chrome-color);
 }
 
-#TabsToolbar:-moz-lwtheme-darktext {
-  -moz-appearance: -moz-mac-vibrancy-light;
-}
-
 #navigator-toolbox > toolbar:not(#TabsToolbar):not(#toolbar-menubar),
 .browserContainer > findbar,
 #browser-bottombox {
   background-color: var(--chrome-secondary-background-color) !important;
   background-image: none !important;
   color: var(--chrome-color);
 }
 
--- a/gfx/config/gfxVars.h
+++ b/gfx/config/gfxVars.h
@@ -42,20 +42,20 @@ class gfxVarReceiver;
   _(UseOMTP,                    bool,             false)                \
   _(AllowD3D11KeyedMutex,       bool,             false)                \
 
   /* Add new entries above this line. */
 
 // Define the default animation backend on the compositor. Now we don't use
 // stylo on the compositor only on Android, and this is a fixed flag. If
 // we want to update this flag, please add a new gfxVars for it.
-#if defined(ANDROID)
+#if defined(MOZ_STYLO) && !defined(ANDROID)
+  #define USE_STYLO_ON_COMPOSITOR true
+#else
   #define USE_STYLO_ON_COMPOSITOR false
-#else
-  #define USE_STYLO_ON_COMPOSITOR true
 #endif
 
 // Some graphics settings are computed on the UI process and must be
 // communicated to content and GPU processes. gfxVars helps facilitate
 // this. Its function is similar to gfxPrefs, except rather than hold
 // user preferences, it holds dynamically computed values.
 //
 // Each variable in GFX_VARS_LIST exposes the following static methods:
--- a/layout/reftests/bugs/reftest.list
+++ b/layout/reftests/bugs/reftest.list
@@ -285,17 +285,17 @@ fuzzy-if(skiaContent,1,5) == 262998-1.ht
 == 267353-1.html 267353-1-ref.html
 == 269908-1.html 269908-1-ref.html
 == 269908-2.html 269908-2-ref.html
 == 269908-3.html 269908-3-ref.html
 == 269908-4.html 269908-4-ref.html
 == 269908-5.html 269908-5-ref.html
 == 271747-1a.html 271747-1-ref.html
 == 271747-1b.html 271747-1-ref.html
-fails-if(stylo&&cocoaWidget) == 272646-1.xul 272646-1-ref.xul # bug 1410787
+== 272646-1.xul 272646-1-ref.xul
 == 272646-2a.xul 272646-2-ref.xul
 == 272646-2b.xul 272646-2-ref.xul
 == 272646-2c.xul 272646-2-ref.xul
 fuzzy-if(Android,3,50) fuzzy-if(skiaContent,1,133) == 273681-1.html 273681-1-ref.html
 == 278266-1a.html 278266-1-ref.html
 == 278266-1b.html 278266-1-ref.html
 == 280708-1a.html 280708-1-ref.html
 == 280708-1b.html 280708-1-ref.html
--- a/layout/reftests/webcomponents/reftest.list
+++ b/layout/reftests/webcomponents/reftest.list
@@ -10,8 +10,10 @@ pref(dom.webcomponents.enabled,true) == 
 pref(dom.webcomponents.enabled,true) == nested-insertion-point-1.html nested-insertion-point-1-ref.html
 pref(dom.webcomponents.enabled,true) == update-dist-node-descendants-1.html update-dist-node-descendants-1-ref.html
 pref(dom.webcomponents.enabled,true) fuzzy-if(Android,2,7) == input-transition-1.html input-transition-1-ref.html
 pref(dom.webcomponents.enabled,true) == dynamic-insertion-point-distribution-1.html dynamic-insertion-point-distribution-1-ref.html
 pref(dom.webcomponents.enabled,true) == dynamic-insertion-point-distribution-2.html dynamic-insertion-point-distribution-2-ref.html
 pref(dom.webcomponents.enabled,true) == remove-append-shadow-host-1.html remove-append-shadow-host-1-ref.html
 pref(dom.webcomponents.enabled,true) == reframe-shadow-child-1.html reframe-shadow-child-ref.html
 pref(dom.webcomponents.enabled,true) == reframe-shadow-child-2.html reframe-shadow-child-ref.html
+pref(dom.webcomponents.enabled,true) == style-sharing.html style-sharing-ref.html
+pref(dom.webcomponents.enabled,true) skip-if(!stylo||styloVsGecko) == style-sharing-across-shadow.html style-sharing-ref.html # bug 1412400
new file mode 100644
--- /dev/null
+++ b/layout/reftests/webcomponents/style-sharing-across-shadow.html
@@ -0,0 +1,22 @@
+<!doctype html>
+<style>
+  div { display: contents }
+</style>
+<div></div>
+<div></div>
+<script>
+  let divs = document.querySelectorAll('div');
+  divs[0].createShadowRoot().innerHTML = `
+    <style>
+      * { color: green; }
+    </style>
+    <span>Should be green</span>
+  `;
+  divs[1].createShadowRoot().innerHTML = `
+    <style>
+      * { color: initial; }
+      [foo] { }
+    </style>
+    <span>Should not be green</span>
+  `;
+</script>
new file mode 100644
--- /dev/null
+++ b/layout/reftests/webcomponents/style-sharing-ref.html
@@ -0,0 +1,5 @@
+<!doctype html>
+<div>
+  <span style="color: green">Should be green</span>
+  <span>Should not be green</span>
+</div>
new file mode 100644
--- /dev/null
+++ b/layout/reftests/webcomponents/style-sharing.html
@@ -0,0 +1,14 @@
+<!doctype html>
+<div id="host"></div>
+<script>
+  let root = host.createShadowRoot();
+  root.innerHTML = `
+    <style>
+      #test {
+        color: green;
+      }
+    </style>
+    <span id="test">Should be green</span>
+    <span id="test2">Should not be green</span>
+  `;
+</script>
--- a/memory/build/mozjemalloc.cpp
+++ b/memory/build/mozjemalloc.cpp
@@ -110,16 +110,17 @@
 #include "mozmemory_wrap.h"
 #include "mozjemalloc.h"
 #include "mozilla/Atomics.h"
 #include "mozilla/DoublyLinkedList.h"
 #include "mozilla/GuardObjects.h"
 #include "mozilla/Likely.h"
 #include "mozilla/Sprintf.h"
 #include "mozilla/UniquePtr.h"
+#include "mozilla/Unused.h"
 
 /*
  * On Linux, we use madvise(MADV_DONTNEED) to release memory back to the
  * operating system.  If we release 1MB of live pages with MADV_DONTNEED, our
  * RSS will decrease by 1MB (almost) immediately.
  *
  * On Mac, we use madvise(MADV_FREE).  Unlike MADV_DONTNEED on Linux, MADV_FREE
  * on Mac doesn't cause the OS to release the specified pages immediately; the
@@ -1021,17 +1022,17 @@ private:
   void InitChunk(arena_chunk_t* aChunk, bool aZeroed);
 
   void DeallocChunk(arena_chunk_t* aChunk);
 
   arena_run_t* AllocRun(arena_bin_t* aBin, size_t aSize, bool aLarge, bool aZero);
 
   void DallocRun(arena_run_t* aRun, bool aDirty);
 
-  void SplitRun(arena_run_t* aRun, size_t aSize, bool aLarge, bool aZero);
+  MOZ_MUST_USE bool SplitRun(arena_run_t* aRun, size_t aSize, bool aLarge, bool aZero);
 
   void TrimRunHead(arena_chunk_t* aChunk, arena_run_t* aRun, size_t aOldSize, size_t aNewSize);
 
   void TrimRunTail(arena_chunk_t* aChunk, arena_run_t* aRun, size_t aOldSize, size_t aNewSize, bool dirty);
 
   inline void* MallocBinEasy(arena_bin_t* aBin, arena_run_t* aRun);
 
   void* MallocBinHard(arena_bin_t* aBin);
@@ -1356,69 +1357,75 @@ static inline const char *
 {
 
 	return ("<jemalloc>");
 }
 
 /******************************************************************************/
 
 static inline void
-pages_decommit(void *addr, size_t size)
+pages_decommit(void* aAddr, size_t aSize)
 {
-
 #ifdef XP_WIN
-	/*
-	* The region starting at addr may have been allocated in multiple calls
-	* to VirtualAlloc and recycled, so decommitting the entire region in one
-	* go may not be valid. However, since we allocate at least a chunk at a
-	* time, we may touch any region in chunksized increments.
-	*/
-	size_t pages_size = std::min(size, chunksize -
-		GetChunkOffsetForPtr(addr));
-	while (size > 0) {
-		if (!VirtualFree(addr, pages_size, MEM_DECOMMIT))
-			MOZ_CRASH();
-		addr = (void *)((uintptr_t)addr + pages_size);
-		size -= pages_size;
-		pages_size = std::min(size, chunksize);
-	}
+  /*
+   * The region starting at addr may have been allocated in multiple calls
+   * to VirtualAlloc and recycled, so decommitting the entire region in one
+   * go may not be valid. However, since we allocate at least a chunk at a
+   * time, we may touch any region in chunksized increments.
+   */
+  size_t pages_size = std::min(aSize, chunksize - GetChunkOffsetForPtr(aAddr));
+  while (aSize > 0) {
+    if (!VirtualFree(aAddr, pages_size, MEM_DECOMMIT)) {
+      MOZ_CRASH();
+    }
+    aAddr = (void*)((uintptr_t)aAddr + pages_size);
+    aSize -= pages_size;
+    pages_size = std::min(aSize, chunksize);
+  }
 #else
-	if (mmap(addr, size, PROT_NONE, MAP_FIXED | MAP_PRIVATE | MAP_ANON, -1,
-	    0) == MAP_FAILED)
-		MOZ_CRASH();
-	MozTagAnonymousMemory(addr, size, "jemalloc-decommitted");
+  if (mmap(aAddr, aSize, PROT_NONE, MAP_FIXED | MAP_PRIVATE | MAP_ANON, -1, 0) ==
+      MAP_FAILED) {
+    MOZ_CRASH();
+  }
+  MozTagAnonymousMemory(aAddr, aSize, "jemalloc-decommitted");
 #endif
 }
 
-static inline void
-pages_commit(void *addr, size_t size)
+/* Commit pages. Returns whether pages were committed. */
+MOZ_MUST_USE static inline bool
+pages_commit(void* aAddr, size_t aSize)
 {
-
-#  ifdef XP_WIN
-	/*
-	* The region starting at addr may have been allocated in multiple calls
-	* to VirtualAlloc and recycled, so committing the entire region in one
-	* go may not be valid. However, since we allocate at least a chunk at a
-	* time, we may touch any region in chunksized increments.
-	*/
-	size_t pages_size = std::min(size, chunksize -
-		GetChunkOffsetForPtr(addr));
-	while (size > 0) {
-		if (!VirtualAlloc(addr, pages_size, MEM_COMMIT, PAGE_READWRITE))
-			MOZ_CRASH();
-		addr = (void *)((uintptr_t)addr + pages_size);
-		size -= pages_size;
-		pages_size = std::min(size, chunksize);
-	}
-#  else
-	if (mmap(addr, size, PROT_READ | PROT_WRITE, MAP_FIXED | MAP_PRIVATE |
-	    MAP_ANON, -1, 0) == MAP_FAILED)
-		MOZ_CRASH();
-	MozTagAnonymousMemory(addr, size, "jemalloc");
-#  endif
+#ifdef XP_WIN
+  /*
+   * The region starting at addr may have been allocated in multiple calls
+   * to VirtualAlloc and recycled, so committing the entire region in one
+   * go may not be valid. However, since we allocate at least a chunk at a
+   * time, we may touch any region in chunksized increments.
+   */
+  size_t pages_size = std::min(aSize, chunksize - GetChunkOffsetForPtr(aAddr));
+  while (aSize > 0) {
+    if (!VirtualAlloc(aAddr, pages_size, MEM_COMMIT, PAGE_READWRITE)) {
+      return false;
+    }
+    aAddr = (void*)((uintptr_t)aAddr + pages_size);
+    aSize -= pages_size;
+    pages_size = std::min(aSize, chunksize);
+  }
+#else
+  if (mmap(aAddr,
+           aSize,
+           PROT_READ | PROT_WRITE,
+           MAP_FIXED | MAP_PRIVATE | MAP_ANON,
+           -1,
+           0) == MAP_FAILED) {
+    return false;
+  }
+  MozTagAnonymousMemory(aAddr, aSize, "jemalloc");
+#endif
+  return true;
 }
 
 static bool
 base_pages_alloc(size_t minsize)
 {
 	size_t csize;
 	size_t pminsize;
 
@@ -1464,36 +1471,38 @@ base_alloc(size_t aSize)
   /* Allocate. */
   ret = base_next_addr;
   base_next_addr = (void*)((uintptr_t)base_next_addr + csize);
   /* Make sure enough pages are committed for the new allocation. */
   if ((uintptr_t)base_next_addr > (uintptr_t)base_next_decommitted) {
     void* pbase_next_addr = (void*)(PAGE_CEILING((uintptr_t)base_next_addr));
 
 #  ifdef MALLOC_DECOMMIT
-    pages_commit(base_next_decommitted, (uintptr_t)pbase_next_addr -
-        (uintptr_t)base_next_decommitted);
+    if (!pages_commit(base_next_decommitted,
+                      (uintptr_t)pbase_next_addr -
+                        (uintptr_t)base_next_decommitted)) {
+      return nullptr;
+    }
 #  endif
     base_next_decommitted = pbase_next_addr;
     base_committed += (uintptr_t)pbase_next_addr -
         (uintptr_t)base_next_decommitted;
   }
 
   return ret;
 }
 
-static void *
-base_calloc(size_t number, size_t size)
+static void*
+base_calloc(size_t aNumber, size_t aSize)
 {
-	void *ret;
-
-	ret = base_alloc(number * size);
-	memset(ret, 0, number * size);
-
-	return (ret);
+  void* ret = base_alloc(aNumber * aSize);
+  if (ret) {
+    memset(ret, 0, aNumber * aSize);
+  }
+  return ret;
 }
 
 static extent_node_t *
 base_node_alloc(void)
 {
 	extent_node_t *ret;
 
 	base_mtx.Lock();
@@ -1989,17 +1998,19 @@ chunk_recycle(size_t aSize, size_t aAlig
   gRecycledSize -= aSize;
 
   chunks_mtx.Unlock();
 
   if (node) {
     base_node_dealloc(node);
   }
 #ifdef MALLOC_DECOMMIT
-  pages_commit(ret, aSize);
+  if (!pages_commit(ret, aSize)) {
+    return nullptr;
+  }
   // pages_commit is guaranteed to zero the chunk.
   if (aZeroed) {
     *aZeroed = true;
   }
 #endif
   return ret;
 }
 
@@ -2404,44 +2415,31 @@ arena_run_reg_dalloc(arena_run_t *run, a
 		run->regs_minelm = elm;
 	bit = regind - (elm << (SIZEOF_INT_2POW + 3));
 	MOZ_DIAGNOSTIC_ASSERT((run->regs_mask[elm] & (1U << bit)) == 0);
 	run->regs_mask[elm] |= (1U << bit);
 #undef SIZE_INV
 #undef SIZE_INV_SHIFT
 }
 
-void
+bool
 arena_t::SplitRun(arena_run_t* aRun, size_t aSize, bool aLarge, bool aZero)
 {
   arena_chunk_t* chunk;
   size_t old_ndirty, run_ind, total_pages, need_pages, rem_pages, i;
 
   chunk = GetChunkForPtr(aRun);
   old_ndirty = chunk->ndirty;
   run_ind = (unsigned)((uintptr_t(aRun) - uintptr_t(chunk)) >> pagesize_2pow);
   total_pages = (chunk->map[run_ind].bits & ~pagesize_mask) >> pagesize_2pow;
   need_pages = (aSize >> pagesize_2pow);
   MOZ_ASSERT(need_pages > 0);
   MOZ_ASSERT(need_pages <= total_pages);
   rem_pages = total_pages - need_pages;
 
-  mRunsAvail.Remove(&chunk->map[run_ind]);
-
-  /* Keep track of trailing unused pages for later use. */
-  if (rem_pages > 0) {
-    chunk->map[run_ind+need_pages].bits = (rem_pages <<
-        pagesize_2pow) | (chunk->map[run_ind+need_pages].bits &
-        pagesize_mask);
-    chunk->map[run_ind+total_pages-1].bits = (rem_pages <<
-        pagesize_2pow) | (chunk->map[run_ind+total_pages-1].bits &
-        pagesize_mask);
-    mRunsAvail.Insert(&chunk->map[run_ind+need_pages]);
-  }
-
   for (i = 0; i < need_pages; i++) {
     /*
      * Commit decommitted pages if necessary.  If a decommitted
      * page is encountered, commit all needed adjacent decommitted
      * pages in one operation, in order to reduce system call
      * overhead.
      */
     if (chunk->map[run_ind + i].bits & CHUNK_MAP_MADVISED_OR_DECOMMITTED) {
@@ -2458,27 +2456,48 @@ arena_t::SplitRun(arena_run_t* aRun, siz
         MOZ_ASSERT(!(chunk->map[run_ind + i + j].bits & CHUNK_MAP_DECOMMITTED &&
                chunk->map[run_ind + i + j].bits & CHUNK_MAP_MADVISED));
 
         chunk->map[run_ind + i + j].bits &=
             ~CHUNK_MAP_MADVISED_OR_DECOMMITTED;
       }
 
 #  ifdef MALLOC_DECOMMIT
-      pages_commit((void*)(uintptr_t(chunk) + ((run_ind + i) << pagesize_2pow)),
-                   j << pagesize_2pow);
+      bool committed = pages_commit(
+        (void*)(uintptr_t(chunk) + ((run_ind + i) << pagesize_2pow)),
+        j << pagesize_2pow);
+      // pages_commit zeroes pages, so mark them as such if it succeeded.
+      // That's checked further below to avoid manually zeroing the pages.
+      for (size_t k = 0; k < j; k++) {
+        chunk->map[run_ind + i + k].bits |=
+          committed ? CHUNK_MAP_ZEROED : CHUNK_MAP_DECOMMITTED;
+      }
+      if (!committed) {
+        return false;
+      }
 #  endif
 
       mStats.committed += j;
-
     }
-#  ifdef MALLOC_DECOMMIT
-    else /* No need to zero since commit zeroes. */
-#  endif
-
+  }
+
+  mRunsAvail.Remove(&chunk->map[run_ind]);
+
+  /* Keep track of trailing unused pages for later use. */
+  if (rem_pages > 0) {
+    chunk->map[run_ind+need_pages].bits = (rem_pages <<
+        pagesize_2pow) | (chunk->map[run_ind+need_pages].bits &
+        pagesize_mask);
+    chunk->map[run_ind+total_pages-1].bits = (rem_pages <<
+        pagesize_2pow) | (chunk->map[run_ind+total_pages-1].bits &
+        pagesize_mask);
+    mRunsAvail.Insert(&chunk->map[run_ind+need_pages]);
+  }
+
+  for (i = 0; i < need_pages; i++) {
     /* Zero if necessary. */
     if (aZero) {
       if ((chunk->map[run_ind + i].bits & CHUNK_MAP_ZEROED) == 0) {
         memset((void*)(uintptr_t(chunk) + ((run_ind + i) << pagesize_2pow)),
                0, pagesize);
         /* CHUNK_MAP_ZEROED is cleared below. */
       }
     }
@@ -2506,16 +2525,17 @@ arena_t::SplitRun(arena_run_t* aRun, siz
    */
   if (aLarge) {
     chunk->map[run_ind].bits |= aSize;
   }
 
   if (chunk->ndirty == 0 && old_ndirty > 0) {
     mChunksDirty.Remove(chunk);
   }
+  return true;
 }
 
 void
 arena_t::InitChunk(arena_chunk_t* aChunk, bool aZeroed)
 {
   size_t i;
   /* WARNING: The following relies on !aZeroed meaning "used to be an arena
          * chunk".
@@ -2616,49 +2636,40 @@ arena_t::AllocRun(arena_bin_t* aBin, siz
   key.bits = aSize | CHUNK_MAP_KEY;
   mapelm = mRunsAvail.SearchOrNext(&key);
   if (mapelm) {
     arena_chunk_t* chunk = GetChunkForPtr(mapelm);
     size_t pageind = (uintptr_t(mapelm) - uintptr_t(chunk->map)) /
         sizeof(arena_chunk_map_t);
 
     run = (arena_run_t*)(uintptr_t(chunk) + (pageind << pagesize_2pow));
-    SplitRun(run, aSize, aLarge, aZero);
-    return run;
-  }
-
-  if (mSpare) {
+  } else if (mSpare) {
     /* Use the spare. */
     arena_chunk_t* chunk = mSpare;
     mSpare = nullptr;
     run = (arena_run_t*)(uintptr_t(chunk) + (arena_chunk_header_npages << pagesize_2pow));
     /* Insert the run into the tree of available runs. */
     mRunsAvail.Insert(&chunk->map[arena_chunk_header_npages]);
-    SplitRun(run, aSize, aLarge, aZero);
-    return run;
-  }
-
-  /*
-   * No usable runs.  Create a new chunk from which to allocate
-   * the run.
-   */
-  {
+  } else {
+    /*
+     * No usable runs.  Create a new chunk from which to allocate
+     * the run.
+     */
     bool zeroed;
     arena_chunk_t* chunk = (arena_chunk_t*)
         chunk_alloc(chunksize, chunksize, false, &zeroed);
     if (!chunk) {
       return nullptr;
     }
 
     InitChunk(chunk, zeroed);
     run = (arena_run_t*)(uintptr_t(chunk) + (arena_chunk_header_npages << pagesize_2pow));
   }
   /* Update page map. */
-  SplitRun(run, aSize, aLarge, aZero);
-  return run;
+  return SplitRun(run, aSize, aLarge, aZero) ? run : nullptr;
 }
 
 void
 arena_t::Purge(bool aAll)
 {
   arena_chunk_t* chunk;
   size_t i, npages;
   /* If all is set purge all dirty pages. */
@@ -3685,16 +3696,17 @@ arena_t::RallocShrinkLarge(arena_chunk_t
    * Shrink the run, and make trailing pages available for other
    * allocations.
    */
   MutexAutoLock lock(mLock);
   TrimRunTail(aChunk, (arena_run_t*)aPtr, aOldSize, aSize, true);
   mStats.allocated_large -= aOldSize - aSize;
 }
 
+/* Returns whether reallocation was successful. */
 bool
 arena_t::RallocGrowLarge(arena_chunk_t* aChunk, void* aPtr, size_t aSize,
                          size_t aOldSize)
 {
   size_t pageind = (uintptr_t(aPtr) - uintptr_t(aChunk)) >> pagesize_2pow;
   size_t npages = aOldSize >> pagesize_2pow;
 
   MutexAutoLock lock(mLock);
@@ -3705,72 +3717,74 @@ arena_t::RallocGrowLarge(arena_chunk_t* 
   if (pageind + npages < chunk_npages && (aChunk->map[pageind+npages].bits
       & CHUNK_MAP_ALLOCATED) == 0 && (aChunk->map[pageind+npages].bits &
       ~pagesize_mask) >= aSize - aOldSize) {
     /*
      * The next run is available and sufficiently large.  Split the
      * following run, then merge the first part with the existing
      * allocation.
      */
-    SplitRun((arena_run_t *)(uintptr_t(aChunk) +
-        ((pageind+npages) << pagesize_2pow)), aSize - aOldSize, true,
-        false);
+    if (!SplitRun((arena_run_t*)(uintptr_t(aChunk) +
+                                 ((pageind + npages) << pagesize_2pow)),
+                  aSize - aOldSize,
+                  true,
+                  false)) {
+      return false;
+    }
 
     aChunk->map[pageind].bits = aSize | CHUNK_MAP_LARGE |
         CHUNK_MAP_ALLOCATED;
     aChunk->map[pageind+npages].bits = CHUNK_MAP_LARGE |
         CHUNK_MAP_ALLOCATED;
 
     mStats.allocated_large += aSize - aOldSize;
-    return false;
+    return true;
   }
 
-  return true;
+  return false;
 }
 
 /*
  * Try to resize a large allocation, in order to avoid copying.  This will
  * always fail if growing an object, and the following run is already in use.
+ * Returns whether reallocation was successful.
  */
 static bool
-arena_ralloc_large(void *ptr, size_t size, size_t oldsize)
+arena_ralloc_large(void* aPtr, size_t aSize, size_t aOldSize)
 {
-	size_t psize;
-
-	psize = PAGE_CEILING(size);
-	if (psize == oldsize) {
-		/* Same size class. */
-		if (size < oldsize) {
-			memset((void *)((uintptr_t)ptr + size), kAllocPoison, oldsize -
-			    size);
-		}
-		return (false);
-	} else {
-		arena_chunk_t *chunk;
-		arena_t *arena;
-
-		chunk = GetChunkForPtr(ptr);
-		arena = chunk->arena;
-		MOZ_DIAGNOSTIC_ASSERT(arena->mMagic == ARENA_MAGIC);
-
-		if (psize < oldsize) {
-			/* Fill before shrinking in order avoid a race. */
-			memset((void *)((uintptr_t)ptr + size), kAllocPoison,
-			    oldsize - size);
-			arena->RallocShrinkLarge(chunk, ptr, psize, oldsize);
-			return (false);
-		} else {
-			bool ret = arena->RallocGrowLarge(chunk, ptr, psize, oldsize);
-			if (ret == false && opt_zero) {
-				memset((void *)((uintptr_t)ptr + oldsize), 0,
-				    size - oldsize);
-			}
-			return (ret);
-		}
-	}
+  size_t psize;
+
+  psize = PAGE_CEILING(aSize);
+  if (psize == aOldSize) {
+    /* Same size class. */
+    if (aSize < aOldSize) {
+      memset((void*)((uintptr_t)aPtr + aSize), kAllocPoison, aOldSize - aSize);
+    }
+    return true;
+  } else {
+    arena_chunk_t* chunk;
+    arena_t* arena;
+
+    chunk = GetChunkForPtr(aPtr);
+    arena = chunk->arena;
+    MOZ_DIAGNOSTIC_ASSERT(arena->mMagic == ARENA_MAGIC);
+
+    if (psize < aOldSize) {
+      /* Fill before shrinking in order avoid a race. */
+      memset((void*)((uintptr_t)aPtr + aSize), kAllocPoison, aOldSize - aSize);
+      arena->RallocShrinkLarge(chunk, aPtr, psize, aOldSize);
+      return true;
+    } else {
+      bool ret = arena->RallocGrowLarge(chunk, aPtr, psize, aOldSize);
+      if (ret && opt_zero) {
+        memset((void*)((uintptr_t)aPtr + aOldSize), 0, aSize - aOldSize);
+      }
+      return ret;
+    }
+  }
 }
 
 static void*
 arena_ralloc(void* aPtr, size_t aSize, size_t aOldSize, arena_t* aArena)
 {
   void* ret;
   size_t copysize;
 
@@ -3789,17 +3803,17 @@ arena_ralloc(void* aPtr, size_t aSize, s
     }
   } else if (aSize <= bin_maxclass) {
     if (aOldSize > small_max && aOldSize <= bin_maxclass &&
         pow2_ceil(aSize) == pow2_ceil(aOldSize)) {
       goto IN_PLACE; /* Same size class. */
     }
   } else if (aOldSize > bin_maxclass && aOldSize <= arena_maxclass) {
     MOZ_ASSERT(aSize > bin_maxclass);
-    if (arena_ralloc_large(aPtr, aSize, aOldSize) == false) {
+    if (arena_ralloc_large(aPtr, aSize, aOldSize)) {
       return aPtr;
     }
   }
 
   /*
    * If we get here, then aSize and aOldSize are different enough that we
    * need to move the object.  In that case, fall back to allocating new
    * space and copying.
@@ -4088,17 +4102,20 @@ huge_ralloc(void* aPtr, size_t aSize, si
       key.addr = const_cast<void*>(aPtr);
       extent_node_t* node = huge.Search(&key);
       MOZ_ASSERT(node);
       MOZ_ASSERT(node->size == aOldSize);
       huge_allocated -= aOldSize - psize;
       /* No need to change huge_mapped, because we didn't (un)map anything. */
       node->size = psize;
     } else if (psize > aOldSize) {
-      pages_commit((void*)((uintptr_t)aPtr + aOldSize), psize - aOldSize);
+      if (!pages_commit((void*)((uintptr_t)aPtr + aOldSize),
+                        psize - aOldSize)) {
+        return nullptr;
+      }
     }
 #endif
 
     /* Although we don't have to commit or decommit anything if
      * DECOMMIT is not defined and the size class didn't change, we
      * do need to update the recorded size if the size increased,
      * so malloc_usable_size doesn't return a value smaller than
      * what was requested via realloc(). */
@@ -4781,41 +4798,42 @@ MozJemalloc::jemalloc_stats(jemalloc_sta
   MOZ_ASSERT(aStats->mapped >= aStats->allocated + aStats->waste +
              aStats->page_cache + aStats->bookkeeping);
 }
 
 #ifdef MALLOC_DOUBLE_PURGE
 
 /* Explicitly remove all of this chunk's MADV_FREE'd pages from memory. */
 static void
-hard_purge_chunk(arena_chunk_t *chunk)
+hard_purge_chunk(arena_chunk_t* aChunk)
 {
-	/* See similar logic in arena_t::Purge(). */
-
-	size_t i;
-	for (i = arena_chunk_header_npages; i < chunk_npages; i++) {
-		/* Find all adjacent pages with CHUNK_MAP_MADVISED set. */
-		size_t npages;
-		for (npages = 0;
-		     chunk->map[i + npages].bits & CHUNK_MAP_MADVISED && i + npages < chunk_npages;
-		     npages++) {
-			/* Turn off the chunk's MADV_FREED bit and turn on its
-			 * DECOMMITTED bit. */
-			MOZ_DIAGNOSTIC_ASSERT(!(chunk->map[i + npages].bits & CHUNK_MAP_DECOMMITTED));
-			chunk->map[i + npages].bits ^= CHUNK_MAP_MADVISED_OR_DECOMMITTED;
-		}
-
-		/* We could use mincore to find out which pages are actually
-		 * present, but it's not clear that's better. */
-		if (npages > 0) {
-			pages_decommit(((char*)chunk) + (i << pagesize_2pow), npages << pagesize_2pow);
-			pages_commit(((char*)chunk) + (i << pagesize_2pow), npages << pagesize_2pow);
-		}
-		i += npages;
-	}
+  /* See similar logic in arena_t::Purge(). */
+  for (size_t i = arena_chunk_header_npages; i < chunk_npages; i++) {
+    /* Find all adjacent pages with CHUNK_MAP_MADVISED set. */
+    size_t npages;
+    for (npages = 0; aChunk->map[i + npages].bits & CHUNK_MAP_MADVISED &&
+                     i + npages < chunk_npages;
+         npages++) {
+      /* Turn off the chunk's MADV_FREED bit and turn on its
+       * DECOMMITTED bit. */
+      MOZ_DIAGNOSTIC_ASSERT(
+        !(aChunk->map[i + npages].bits & CHUNK_MAP_DECOMMITTED));
+      aChunk->map[i + npages].bits ^= CHUNK_MAP_MADVISED_OR_DECOMMITTED;
+    }
+
+    /* We could use mincore to find out which pages are actually
+     * present, but it's not clear that's better. */
+    if (npages > 0) {
+      pages_decommit(((char*)aChunk) + (i << pagesize_2pow),
+                     npages << pagesize_2pow);
+      mozilla::Unused << pages_commit(((char*)aChunk) + (i << pagesize_2pow),
+                                      npages << pagesize_2pow);
+    }
+    i += npages;
+  }
 }
 
 /* Explicitly remove all of this arena's MADV_FREE'd pages from memory. */
 void
 arena_t::HardPurge()
 {
   MutexAutoLock lock(mLock);
 
--- a/memory/replace/logalloc/replay/moz.build
+++ b/memory/replace/logalloc/replay/moz.build
@@ -4,16 +4,17 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 Program('logalloc-replay')
 
 SOURCES += [
     '../FdPrintf.cpp',
     '/mfbt/Assertions.cpp',
+    '/mfbt/Unused.cpp',
     'Replay.cpp',
 ]
 
 LOCAL_INCLUDES += [
     '..',
 ]
 
 # Link replace-malloc and the default allocator.
--- a/security/manager/ssl/SSLServerCertVerification.cpp
+++ b/security/manager/ssl/SSLServerCertVerification.cpp
@@ -1463,37 +1463,37 @@ AuthCertificate(CertVerifier& certVerifi
     // a client cert. Let's provide a minimal SSLStatus
     // to the caller that contains at least the cert and its status.
     RefPtr<nsSSLStatus> status(infoObject->SSLStatus());
     if (!status) {
       status = new nsSSLStatus();
       infoObject->SetSSLStatus(status);
     }
 
-    if (!status->HasServerCert()) {
-      EVStatus evStatus;
-      if (evOidPolicy == SEC_OID_UNKNOWN) {
-        evStatus = EVStatus::NotEV;
-      } else {
-        evStatus = EVStatus::EV;
-      }
+    EVStatus evStatus;
+    if (evOidPolicy == SEC_OID_UNKNOWN) {
+      evStatus = EVStatus::NotEV;
+    } else {
+      evStatus = EVStatus::EV;
+    }
 
-      RefPtr<nsNSSCertificate> nsc = nsNSSCertificate::Create(cert.get());
-      status->SetServerCert(nsc, evStatus);
-      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
-              ("AuthCertificate setting NEW cert %p", nsc.get()));
-    }
+    RefPtr<nsNSSCertificate> nsc = nsNSSCertificate::Create(cert.get());
+    status->SetServerCert(nsc, evStatus);
+
+    status->SetSucceededCertChain(Move(certList));
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+        ("AuthCertificate setting NEW cert %p", nsc.get()));
 
     status->SetCertificateTransparencyInfo(certificateTransparencyInfo);
   }
 
   if (rv != Success) {
     // Certificate validation failed; store the peer certificate chain on
     // infoObject so it can be used for error reporting.
-    infoObject->SetFailedCertChain(Move(peerCertChain));
+    infoObject->SetFailedCertChain(Move(certList));
     PR_SetError(MapResultToPRErrorCode(rv), 0);
   }
 
   return rv == Success ? SECSuccess : SECFailure;
 }
 
 /*static*/ SECStatus
 SSLServerCertVerificationJob::Dispatch(
--- a/security/manager/ssl/StaticHPKPins.h
+++ b/security/manager/ssl/StaticHPKPins.h
@@ -1153,9 +1153,9 @@ static const TransportSecurityPreload kP
   { "za.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
   { "zh.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
 };
 
 // Pinning Preload List Length = 480;
 
 static const int32_t kUnknownId = -1;
 
-static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1517596541822000);
+static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1517682914510000);
--- a/security/manager/ssl/TransportSecurityInfo.cpp
+++ b/security/manager/ssl/TransportSecurityInfo.cpp
@@ -1007,16 +1007,17 @@ TransportSecurityInfo::SetStatusErrorBit
 {
   MutexAutoLock lock(mMutex);
 
   if (!mSSLStatus) {
     mSSLStatus = new nsSSLStatus();
   }
 
   mSSLStatus->SetServerCert(cert, EVStatus::NotEV);
+  mSSLStatus->SetFailedCertChain(mFailedCertChain);
 
   mSSLStatus->mHaveCertErrorBits = true;
   mSSLStatus->mIsDomainMismatch =
     collected_errors & nsICertOverrideService::ERROR_MISMATCH;
   mSSLStatus->mIsNotValidAtThisTime =
     collected_errors & nsICertOverrideService::ERROR_TIME;
   mSSLStatus->mIsUntrusted =
     collected_errors & nsICertOverrideService::ERROR_UNTRUSTED;
--- a/security/manager/ssl/nsISSLStatus.idl
+++ b/security/manager/ssl/nsISSLStatus.idl
@@ -2,20 +2,23 @@
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsISupports.idl"
 
 interface nsIX509Cert;
+interface nsIX509CertList;
 
 [scriptable, uuid(fa9ba95b-ca3b-498a-b889-7c79cf28fee8)]
 interface nsISSLStatus : nsISupports {
   readonly attribute nsIX509Cert serverCert;
+  readonly attribute nsIX509CertList failedCertChain;
+  readonly attribute nsIX509CertList succeededCertChain;
 
   [must_use]
   readonly attribute ACString cipherName;
   [must_use]
   readonly attribute unsigned long keyLength;
   [must_use]
   readonly attribute unsigned long secretKeyLength;
   [must_use]
--- a/security/manager/ssl/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/nsNSSCallbacks.cpp
@@ -1216,26 +1216,26 @@ DetermineEVAndCTStatusAndSetNewCert(RefP
               mozilla::psm::CertVerifier::FLAG_MUST_BE_EV;
   if (!infoObject->SharedState().IsOCSPStaplingEnabled() ||
       !infoObject->SharedState().IsOCSPMustStapleEnabled()) {
     flags |= CertVerifier::FLAG_TLS_IGNORE_STATUS_REQUEST;
   }
 
   SECOidTag evOidPolicy;
   CertificateTransparencyInfo certificateTransparencyInfo;
-  UniqueCERTCertList unusedBuiltChain;
+  UniqueCERTCertList builtChain;
   const bool saveIntermediates = false;
   mozilla::pkix::Result rv = certVerifier->VerifySSLServerCert(
     cert,
     stapledOCSPResponse,
     sctsFromTLSExtension,
     mozilla::pkix::Now(),
     infoObject,
     infoObject->GetHostName(),
-    unusedBuiltChain,
+    builtChain,
     saveIntermediates,
     flags,
     infoObject->GetOriginAttributes(),
     &evOidPolicy,
     nullptr, // OCSP stapling telemetry
     nullptr, // key size telemetry
     nullptr, // SHA-1 telemetry
     nullptr, // pinning telemetry
@@ -1250,16 +1250,17 @@ DetermineEVAndCTStatusAndSetNewCert(RefP
   } else {
     MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
             ("HandshakeCallback using NEW cert %p (is not EV)", nssc.get()));
     sslStatus->SetServerCert(nssc, EVStatus::NotEV);
   }
 
   if (rv == Success) {
     sslStatus->SetCertificateTransparencyInfo(certificateTransparencyInfo);
+    sslStatus->SetSucceededCertChain(Move(builtChain));
   }
 }
 
 void HandshakeCallback(PRFileDesc* fd, void* client_data) {
   nsNSSShutDownPreventionLock locker;
   SECStatus rv;
 
   nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
--- a/security/manager/ssl/nsSSLStatus.cpp
+++ b/security/manager/ssl/nsSSLStatus.cpp
@@ -6,18 +6,25 @@
 
 #include "CTVerifyResult.h"
 #include "mozilla/Casting.h"
 #include "nsSSLStatus.h"
 #include "nsIClassInfoImpl.h"
 #include "nsIObjectOutputStream.h"
 #include "nsIObjectInputStream.h"
 #include "nsNSSCertificate.h"
+#include "nsNSSShutDown.h"
 #include "ssl.h"
 
+
+void
+nsSSLStatus::virtualDestroyNSSReference()
+{
+}
+
 NS_IMETHODIMP
 nsSSLStatus::GetServerCert(nsIX509Cert** aServerCert)
 {
   NS_ENSURE_ARG_POINTER(aServerCert);
 
   nsCOMPtr<nsIX509Cert> cert = mServerCert;
   cert.forget(aServerCert);
   return NS_OK;
@@ -220,24 +227,41 @@ nsSSLStatus::Read(nsIObjectInputStream* 
   if (streamFormatVersion >= 2) {
     rv = aStream->ReadCString(mKeaGroup);
     NS_ENSURE_SUCCESS(rv, rv);
 
     rv = aStream->ReadCString(mSignatureSchemeName);
     NS_ENSURE_SUCCESS(rv, rv);
   }
 
+  // Added in version 3 (see bug 1406856).
+  if (streamFormatVersion >= 3) {
+    nsCOMPtr<nsISupports> succeededCertChainSupports;
+    rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(succeededCertChainSupports));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    mSucceededCertChain = do_QueryInterface(succeededCertChainSupports);
+
+    nsCOMPtr<nsISupports> failedCertChainSupports;
+    rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(failedCertChainSupports));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    mFailedCertChain = do_QueryInterface(failedCertChainSupports);
+  }
+
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsSSLStatus::Write(nsIObjectOutputStream* aStream)
 {
   // The current version of the binary stream format.
-  const uint8_t STREAM_FORMAT_VERSION = 2;
+  const uint8_t STREAM_FORMAT_VERSION = 3;
 
   nsresult rv = aStream->WriteCompoundObject(mServerCert,
                                              NS_GET_IID(nsIX509Cert),
                                              true);
   NS_ENSURE_SUCCESS(rv, rv);
 
   rv = aStream->Write16(mCipherSuite);
   NS_ENSURE_SUCCESS(rv, rv);
@@ -270,16 +294,33 @@ nsSSLStatus::Write(nsIObjectOutputStream
 
   // Added in version 2.
   rv = aStream->WriteStringZ(mKeaGroup.get());
   NS_ENSURE_SUCCESS(rv, rv);
 
   rv = aStream->WriteStringZ(mSignatureSchemeName.get());
   NS_ENSURE_SUCCESS(rv, rv);
 
+  // Added in version 3.
+  rv = NS_WriteOptionalCompoundObject(aStream,
+                                      mSucceededCertChain,
+                                      NS_GET_IID(nsIX509CertList),
+                                      true);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = NS_WriteOptionalCompoundObject(aStream,
+                                      mFailedCertChain,
+                                      NS_GET_IID(nsIX509CertList),
+                                      true);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsSSLStatus::GetInterfaces(uint32_t* aCount, nsIID*** aArray)
 {
   *aCount = 0;
   *aArray = nullptr;
@@ -349,28 +390,75 @@ nsSSLStatus::nsSSLStatus()
 , mHaveCertErrorBits(false)
 {
 }
 
 NS_IMPL_ISUPPORTS(nsSSLStatus, nsISSLStatus, nsISerializable, nsIClassInfo)
 
 nsSSLStatus::~nsSSLStatus()
 {
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  shutdown(ShutdownCalledFrom::Object);
 }
 
 void
 nsSSLStatus::SetServerCert(nsNSSCertificate* aServerCert, EVStatus aEVStatus)
 {
   MOZ_ASSERT(aServerCert);
 
   mServerCert = aServerCert;
   mIsEV = (aEVStatus == EVStatus::EV);
   mHasIsEVStatus = true;
 }
 
+nsresult
+nsSSLStatus::SetSucceededCertChain(UniqueCERTCertList aCertList)
+{
+  nsNSSShutDownPreventionLock lock;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  // nsNSSCertList takes ownership of certList
+  mSucceededCertChain = new nsNSSCertList(Move(aCertList), lock);
+
+  return NS_OK;
+}
+
+void
+nsSSLStatus::SetFailedCertChain(nsIX509CertList* aX509CertList)
+{
+  mFailedCertChain = aX509CertList;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetSucceededCertChain(nsIX509CertList** _result)
+{
+  NS_ENSURE_ARG_POINTER(_result);
+
+  nsCOMPtr<nsIX509CertList> tmpList = mSucceededCertChain;
+  tmpList.forget(_result);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetFailedCertChain(nsIX509CertList** _result)
+{
+  NS_ENSURE_ARG_POINTER(_result);
+
+  nsCOMPtr<nsIX509CertList> tmpList = mFailedCertChain;
+  tmpList.forget(_result);
+
+  return NS_OK;
+}
+
 void
 nsSSLStatus::SetCertificateTransparencyInfo(
   const mozilla::psm::CertificateTransparencyInfo& info)
 {
   using mozilla::ct::CTPolicyCompliance;
 
   mCertificateTransparencyStatus =
     nsISSLStatus::CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE;
--- a/security/manager/ssl/nsSSLStatus.h
+++ b/security/manager/ssl/nsSSLStatus.h
@@ -7,50 +7,59 @@
 #ifndef _NSSSLSTATUS_H
 #define _NSSSLSTATUS_H
 
 #include "CertVerifier.h" // For CertificateTransparencyInfo
 #include "nsISSLStatus.h"
 #include "nsCOMPtr.h"
 #include "nsString.h"
 #include "nsIX509Cert.h"
+#include "nsIX509CertList.h"
 #include "nsISerializable.h"
 #include "nsIClassInfo.h"
+#include "nsNSSCertificate.h"
+#include "ScopedNSSTypes.h"
 
 class nsNSSCertificate;
 
 enum class EVStatus {
   NotEV = 0,
   EV = 1,
 };
 
 class nsSSLStatus final
   : public nsISSLStatus
   , public nsISerializable
   , public nsIClassInfo
+  , public nsNSSShutDownObject
 {
 protected:
   virtual ~nsSSLStatus();
 public:
   NS_DECL_THREADSAFE_ISUPPORTS
   NS_DECL_NSISSLSTATUS
   NS_DECL_NSISERIALIZABLE
   NS_DECL_NSICLASSINFO
 
   nsSSLStatus();
 
   void SetServerCert(nsNSSCertificate* aServerCert, EVStatus aEVStatus);
 
+  nsresult SetSucceededCertChain(mozilla::UniqueCERTCertList certList);
+  void SetFailedCertChain(nsIX509CertList* x509CertList);
+
   bool HasServerCert() {
     return mServerCert != nullptr;
   }
 
   void SetCertificateTransparencyInfo(
     const mozilla::psm::CertificateTransparencyInfo& info);
 
+  virtual void virtualDestroyNSSReference() override;
+
   /* public for initilization in this file */
   uint16_t mCipherSuite;
   uint16_t mProtocolVersion;
   uint16_t mCertificateTransparencyStatus;
   nsCString mKeaGroup;
   nsCString mSignatureSchemeName;
 
   bool mIsDomainMismatch;
@@ -62,15 +71,17 @@ public:
   bool mHaveCipherSuiteAndProtocol;
 
   /* mHaveCertErrrorBits is relied on to determine whether or not a SPDY
      connection is eligible for joining in nsNSSSocketInfo::JoinConnection() */
   bool mHaveCertErrorBits;
 
 private:
   nsCOMPtr<nsIX509Cert> mServerCert;
+  nsCOMPtr<nsIX509CertList> mSucceededCertChain;
+  nsCOMPtr<nsIX509CertList> mFailedCertChain;
 };
 
 #define NS_SSLSTATUS_CID \
 { 0xe2f14826, 0x9e70, 0x4647, \
   { 0xb2, 0x3f, 0x10, 0x10, 0xf5, 0x12, 0x46, 0x28 } }
 
 #endif
--- a/security/manager/ssl/nsSTSPreloadList.errors
+++ b/security/manager/ssl/nsSTSPreloadList.errors
@@ -1,69 +1,78 @@
 06se.com: could not connect to host
 0day.su: could not connect to host
 47tech.com: could not connect to host
 4loc.us: could not connect to host
 4x4.lk: could not connect to host
-68277.me: could not connect to host
 8560.be: could not connect to host
 87577.com: could not connect to host
 8887999.com: could not connect to host
 8ack.de: could not connect to host
 8ox.ru: could not connect to host
 8t88.biz: could not connect to host
 91-freedom.com: could not connect to host
+9ss6.com: could not connect to host
 aaronmcguire.me: could not connect to host
 abolition.co: could not connect to host
 accwing.com: could not connect to host
 acrossgw.com: could not connect to host
 adamgold.net: could not connect to host
+adzie.xyz: could not connect to host
 aevpn.org: could not connect to host
 afrikarl.de: could not connect to host
 agowa.eu: could not connect to host
 akiba-server.info: could not connect to host
 akoww.de: could not connect to host
 akul.co.in: could not connect to host
 al-f.net: could not connect to host
 alauda-home.de: could not connect to host
+alertboxx.com: could not connect to host
 alexmol.tk: could not connect to host
 alexperry.io: could not connect to host
 alilialili.ga: could not connect to host
 alistairstowing.com: could not connect to host
 alkel.info: could not connect to host
 alphie.me: could not connect to host
 altahrim.net: could not connect to host
 ameho.me: could not connect to host
 amua.fr: could not connect to host
 andrei-coman.com: could not connect to host
 andrepicard.de: could not connect to host
 andrewhowden.com: could not connect to host
 annetaan.fi: could not connect to host
 anoneko.com: could not connect to host
+answers-online.ru: could not connect to host
+anyways.at: could not connect to host
 aoku3d.com: could not connect to host
+apkoyunlar.club: could not connect to host
 arent.kz: could not connect to host
 arksan.com.tr: could not connect to host
 artisense.de: could not connect to host
 artyland.ru: could not connect to host
+asdyx.de: could not connect to host
 askmagicconch.com: could not connect to host
 assdecoeur.org: could not connect to host
+astutikhonda.com: could not connect to host
 at1.co: could not connect to host
 athi.pl: could not connect to host
+austinsutphin.com: could not connect to host
 australiancattle.dog: could not connect to host
 auto-anleitung.de: could not connect to host
 autostop-occasions.be: could not connect to host
-avi9526.pp.ua: could not connect to host
 awan.tech: could not connect to host
 awf0.xyz: could not connect to host
+b422edu.com: could not connect to host
 baitulongbaycruises.com: could not connect to host
 balonmano.co: could not connect to host
 bandarifamily.com: could not connect to host
 batfoundry.com: could not connect to host
 bbdos.ru: could not connect to host
 beasel.biz: could not connect to host
+bellavistaoutdoor.com: could not connect to host
 belua.com: could not connect to host
 bencorby.com: could not connect to host
 benjamin-horvath.com: could not connect to host
 benzou-space.com: could not connect to host
 berthelier.me: could not connect to host
 bey.io: could not connect to host
 billdestler.com: could not connect to host
 bip.gov.sa: could not connect to host
@@ -86,99 +95,98 @@ by1898.com: could not connect to host
 c16t.uk: could not connect to host
 cais.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 119"  data: no]
 calculatoaresecondhand.xyz: could not connect to host
 callabs.net: could not connect to host
 carlandfaith.com: could not connect to host
 catgirl.me: could not connect to host
 centos.pub: could not connect to host
 challengeskins.com: could not connect to host
+chaoslab.org: could not connect to host
+chaoticlaw.com: could not connect to host
 cheah.xyz: could not connect to host
 cheesefusion.com: could not connect to host
 childrendeservebetter.org: could not connect to host
-chima.us: could not connect to host
 china-line.org: could not connect to host
 chloehorler.com: could not connect to host
 chosenplaintext.org: could not connect to host
+chrisself.xyz: could not connect to host
 christiangaetano.com: could not connect to host
-chromaryu.net: could not connect to host
 chziyue.com: could not connect to host
 clearviewwealthprojector.com.au: could not connect to host
 cloudbleed.info: could not connect to host
 cloudimproved.com: could not connect to host
+cmahy.be: could not connect to host
 cmpr.es: could not connect to host
 cnlic.com: could not connect to host
 cocaine-import.agency: could not connect to host
 codercross.com: could not connect to host
 coffeetocode.me: could not connect to host
 colleencornez.com: could not connect to host
 colo-tech.com: could not connect to host
 comprehensiveihc.com: could not connect to host
 conception.sk: could not connect to host
-conflux.tw: could not connect to host
 conniesacademy.com: could not connect to host
 corinnanese.de: could not connect to host
-cosmeticasimple.com: could not connect to host
 cosplayer.com: could not connect to host
 cpaneltips.com: could not connect to host
-crescent.gr.jp: could not connect to host
-crestasantos.com: could not connect to host
 criticalaim.com: could not connect to host
 crystalmachine.net: could not connect to host
 csgo77.com: could not connect to host
 cubela.tech: could not connect to host
 cyberpeace.nl: could not connect to host
 cypherpunk.ws: could not connect to host
 d-bood.site: could not connect to host
 dahlberg.cologne: could not connect to host
 daniel-stahl.net: could not connect to host
 danielzuzevich.com: could not connect to host
-dannyrohde.de: could not connect to host
 darlo.co.uk: could not connect to host
 datorb.com: could not connect to host
 davros.eu: could not connect to host
 davros.ru: could not connect to host
 dawnsonb.com: could not connect to host
 dbcom.ru: could not connect to host
 de-servers.de: could not connect to host
 deadsoul.net: could not connect to host
 decoyrouting.com: could not connect to host
 derchris.me: could not connect to host
 derivativeshub.pro: could not connect to host
 detroit-english.de: could not connect to host
 dev-talk.eu: could not connect to host
 devkid.net: could not connect to host
+devops.moe: could not connect to host
 dick.red: could not connect to host
-die-blahuts.de: could not connect to host
 digioccumss.ddns.net: could not connect to host
 diguass.us: could not connect to host
 dijks.com: could not connect to host
 dirtycat.ru: could not connect to host
 disadattamentolavorativo.it: could not connect to host
 disco-crazy-world.de: could not connect to host
 djangogolf.com: could not connect to host
 dojifish.space: could not connect to host
 domengrad.ru: could not connect to host
 dostavkakurierom.ru: could not connect to host
 dreizwosechs.de: could not connect to host
 droomhuis-in-zuid-holland-kopen.nl: could not connect to host
 duch.cloud: could not connect to host
 duelsow.eu: could not connect to host
 duks.com.br: could not connect to host
 duo.money: could not connect to host
+e-wishlist.net: could not connect to host
 eagleridgecampground.com: could not connect to host
 eatfitoutlet.com.br: could not connect to host
 eeb98.com: could not connect to host
 eez.ee: could not connect to host
 ehuber.info: could not connect to host
 eled.io: could not connect to host
 elexel.ru: could not connect to host
 endlessdiy.ca: could not connect to host
 energy-drink-magazin.de: could not connect to host
 engg.ca: could not connect to host
+enriquepiraces.com: could not connect to host
 esibun.net: could not connect to host
 estan.cn: could not connect to host
 eurostrategy.vn.ua: could not connect to host
 eveshaiwu.com: could not connect to host
 evio.com: could not connect to host
 exceed.global: could not connect to host
 expatads.com: could not connect to host
 extreme-gaming.de: could not connect to host
@@ -193,55 +201,58 @@ fernangp.com: could not connect to host
 festival.house: could not connect to host
 filhomes.ph: could not connect to host
 findmybottleshop.com.au: could not connect to host
 firebaseio.com: could not connect to host
 firexarxa.de: could not connect to host
 first-time-offender.com: could not connect to host
 fixmyglitch.com: could not connect to host
 flam.io: could not connect to host
-fleximus.org: could not connect to host
+fletchto99.com: could not connect to host
 foodserve.in: could not connect to host
 fossewayflowers.co.uk: could not connect to host
 fossewayflowers.com: could not connect to host
 foxmay.co.uk: could not connect to host
 fragmentspuren.de: could not connect to host
 fragnic.com: could not connect to host
 freaksites.dk: could not connect to host
 fredliang.cn: could not connect to host
 fredtec.ru: could not connect to host
 freesounding.ru: could not connect to host
-frino.de: could not connect to host
 fromlemaytoz.com: could not connect to host
 frosty-gaming.xyz: could not connect to host
 fsck.cz: could not connect to host
 fukuko.biz: could not connect to host
 fukuko.xyz: could not connect to host
 funfunmstdn.tokyo: could not connect to host
 funideas.org: could not connect to host
 funksteckdosen24.de: could not connect to host
 futbolvivo.tv: could not connect to host
 fyol.pw: could not connect to host
 g4w.co: could not connect to host
 gam3rs.de: could not connect to host
 game-gentle.com: could not connect to host
+garagemhermetica.org: could not connect to host
 gasbarkenora.com: could not connect to host
 gasnews.net: could not connect to host
-gautham.it: could not connect to host
 gaygeeks.de: could not connect to host
 gbcsummercamps.com: could not connect to host
+gdevpenze.ru: could not connect to host
 gdhzcgs.com: could not connect to host
 geeks.berlin: could not connect to host
 geneve.guide: could not connect to host
 georgmayer.eu: could not connect to host
 geti2p.com: could not connect to host
 getwarden.net: could not connect to host
 gevaulug.fr: could not connect to host
 gfoss.gr: could not connect to host
 ggss.cf: could not connect to host
+ghostblog.info: could not connect to host
+giveme.online: could not connect to host
+gizmo.ovh: could not connect to host
 gnom.me: could not connect to host
 godrealms.com: could not connect to host
 google: could not connect to host
 gottfridsberg.org: could not connect to host
 gozadentro.com: could not connect to host
 gradsm-ci.net: could not connect to host
 greboid.co.uk: could not connect to host
 greboid.com: could not connect to host
@@ -266,93 +277,96 @@ hentaimaster.net: could not connect to h
 here.ml: could not connect to host
 hg881.com: could not connect to host
 hiraku.me: could not connect to host
 hollermann.eu: could not connect to host
 hoodoo.io: could not connect to host
 hoodoo.tech: could not connect to host
 horvathd.eu: could not connect to host
 hotchillibox.co.za: could not connect to host
+hotplug.gr: could not connect to host
 hukkatavara.com: could not connect to host
 hundter.com: could not connect to host
-huntshomeinspections.com: could not connect to host
 ibase.com: could not connect to host
+icbemp.gov: could not connect to host
 ifxnet.com: could not connect to host
 ikenmeyer.eu: could not connect to host
 ileat.com: could not connect to host
 imguoguo.com: could not connect to host
 imperdintechnologies.com: could not connect to host
 inexpensivecomputers.net: could not connect to host
 informatik.zone: could not connect to host
 injust.me: could not connect to host
 insouciant.org: could not connect to host
 investorloanshub.com: could not connect to host
 iris-insa.com: could not connect to host
+isaacman.tech: could not connect to host
 issuesofconcern.in: could not connect to host
+itmanie.cz: could not connect to host
 itpro-mg.de: could not connect to host
 itproject.guru: could not connect to host
 ivanpolchenko.com: could not connect to host
 ixio.cz: could not connect to host
 jakincode.army: could not connect to host
 janaundgeorgsagenja.eu: could not connect to host
 jaredfraser.com: could not connect to host
 javascriptlab.fr: could not connect to host
 jessevictors.com: could not connect to host
 jhburton.co.uk: could not connect to host
 jie.dance: could not connect to host
 jiyuu-ni.com: could not connect to host
 jiyuu-ni.net: could not connect to host
 jobmedic.com: could not connect to host
 joecod.es: could not connect to host
-johnmh.me: could not connect to host
 jonathansanchez.pro: could not connect to host
 jonpads.com: could not connect to host
+jons.org: could not connect to host
 joostbovee.nl: could not connect to host
 just-pools.co.za: could not connect to host
 justmy.website: could not connect to host
 k-wallet.com: could not connect to host
 k82.org: could not connect to host
 kamikaichimaru.com: could not connect to host
-kanaanonline.org: could not connect to host
 kanjo.de: could not connect to host
 kapo.info: could not connect to host
 karanlyons.com: could not connect to host
 karuneshjohri.com: could not connect to host
 katzen.me: could not connect to host
 kawaiiku.com: could not connect to host
 kawaiiku.de: could not connect to host
+kbfl.org: could not connect to host
 kenrogers.co: could not connect to host
 kenvix.com: could not connect to host
-kibibit.net: could not connect to host
 kieranweightman.me: could not connect to host
 kinepolis-studio.ga: could not connect to host
 kjoglum.me: could not connect to host
 knownsec.cf: could not connect to host
 kollawat.me: could not connect to host
 konventseliten.se: could not connect to host
 kousaku.jp: could not connect to host
 kozmik.co: could not connect to host
 kteen.info: could not connect to host
 kylling.io: could not connect to host
+laboutiquemarocaineduconvoyeur.ma: could not connect to host
 lacasa.fr: could not connect to host
 lachawoj.de: could not connect to host
+lafosseobservatoire.be: could not connect to host
 lathamlabs.com: could not connect to host
 lathamlabs.net: could not connect to host
 lathamlabs.org: could not connect to host
 lavapot.com: could not connect to host
 lcti.biz: could not connect to host
 ldcraft.pw: could not connect to host
 legitaxi.com: could not connect to host
 leiming.co: could not connect to host
 leninalbertop.com.ve: could not connect to host
 lenkunz.me: could not connect to host
 leveredge.net: could not connect to host
 lezdomsm.com: could not connect to host
 lheinrich.org: could not connect to host
-libbitcoin.org: could not connect to host
 lifenexto.com: could not connect to host
 lingerieonline.com.br: could not connect to host
 linksanitizer.com: could not connect to host
 linksextremist.at: could not connect to host
 linuxcommand.ru: could not connect to host
 lissabon.guide: could not connect to host
 littleservice.cn: could not connect to host
 litz.ca: could not connect to host
@@ -361,17 +375,16 @@ liukang.tech: could not connect to host
 livnev.me: could not connect to host
 lobosdomain.no-ip.info: could not connect to host
 logcat.info: could not connect to host
 logic8.ml: could not connect to host
 lovelytimes.net: could not connect to host
 luav.org: could not connect to host
 lubomirkazakov.com: could not connect to host
 luenwarneke.com: could not connect to host
-maartenterpstra.xyz: could not connect to host
 macedopesca.com.br: could not connect to host
 madrants.net: could not connect to host
 magnacumlaude.co: could not connect to host
 mail4geek.com: could not connect to host
 markoh.co.uk: could not connect to host
 markus-ullmann.de: could not connect to host
 martin-mattel.com: could not connect to host
 mastodon.my: could not connect to host
@@ -397,68 +410,66 @@ mosaique-lachenaie.fr: could not connect
 moskva.guide: could not connect to host
 motomorgen.com: could not connect to host
 motorbiketourhanoi.com: could not connect to host
 mowalls.net: could not connect to host
 mpserver12.org: could not connect to host
 mrliu.me: could not connect to host
 mtn.cc: could not connect to host
 munduch.cz: could not connect to host
-musearchengine.com: could not connect to host
-mygallery.homelinux.net: could not connect to host
 myrent.quebec: could not connect to host
 naphex.rocks: could not connect to host
 narodsovety.ru: could not connect to host
 ncdesigns-studio.com: could not connect to host
 nedcf.org.uk: could not connect to host
 negai.moe: could not connect to host
 netica.fr: could not connect to host
 netulo.com: could not connect to host
 nevadafiber.net: could not connect to host
 nexuscorporation.in: could not connect to host
 nfluence.org: could not connect to host
 nikolasbradshaw.com: could not connect to host
 niouininon.eu: could not connect to host
 niva.synology.me: could not connect to host
 nkb.in.th: could not connect to host
+nlegall.fr: could not connect to host
 nodelab-it.de: could not connect to host
-notadd.store: could not connect to host
 notcompletelycorrect.com: could not connect to host
 notesforpebble.com: could not connect to host
 novascan.net: could not connect to host
 novelabs.eu: could not connect to host
 nowcost.com: could not connect to host
 nowremindme.com: could not connect to host
 nup.pw: could not connect to host
-oasisim.net: could not connect to host
 obdolbacca.ru: could not connect to host
 oberhof.co: could not connect to host
+octal.es: could not connect to host
 octosys.net: could not connect to host
 octosys.org: could not connect to host
 octosys.ru: could not connect to host
 off-the-clock.us: could not connect to host
 oliverspringer.eu: could not connect to host
 onewebdev.info: could not connect to host
 onstud.com: could not connect to host
 onwie.fr: could not connect to host
 opengg.me: could not connect to host
 openmirrors.cf: could not connect to host
 optimist.bg: could not connect to host
 oscsdp.cz: could not connect to host
 outetc.com: could not connect to host
 oxygaming.com: could not connect to host
 oxymc.com: could not connect to host
-ozonitron.com: could not connect to host
-ozonitron.de: could not connect to host
-ozonitron.eu: could not connect to host
+palmavile.us: could not connect to host
+palmaville.com: could not connect to host
 pascalchristen.ch: could not connect to host
 pear2pear.de: could not connect to host
 perkbrian.com: could not connect to host
 persjrp.ca: could not connect to host
 persoform.ch: could not connect to host
+peter.org.ua: could not connect to host
 pgpmail.cc: could not connect to host
 philippa.cool: could not connect to host
 php-tuning.de: could not connect to host
 picallo.es: could not connect to host
 pinebaylibrary.org: could not connect to host
 pitfire.io: could not connect to host
 plaasprodukte.com: could not connect to host
 planbox.info: could not connect to host
@@ -478,16 +489,17 @@ qrforex.com: could not connect to host
 qto.net: could not connect to host
 rainbin.com: could not connect to host
 real-compare.com: could not connect to host
 realwoo.com: could not connect to host
 reignsphere.net: could not connect to host
 reinaertvandecruys.me: could not connect to host
 reismil.ch: could not connect to host
 repaxan.com: could not connect to host
+reporting.gov: could not connect to host
 reqognize.com: could not connect to host
 reth.ch: could not connect to host
 retube.ga: could not connect to host
 reykjavik.guide: could not connect to host
 ricknox.com: could not connect to host
 robinvdmarkt.nl: could not connect to host
 robomonkey.org: could not connect to host
 roguesignal.net: could not connect to host
@@ -503,38 +515,37 @@ runcarina.com: could not connect to host
 s13d.fr: could not connect to host
 saferedirectlink.com: could not connect to host
 sallysubs.com: could not connect to host
 salzamt.tk: could not connect to host
 samaritan.tech: could not connect to host
 sanatrans.com: could not connect to host
 sanmuding.com: could not connect to host
 sarndipity.com: could not connect to host
-savecashindia.com: could not connect to host
 schamlosharmlos.de: could not connect to host
 scm-2017.org: could not connect to host
 seanstrout.com: could not connect to host
 sebastian-lutsch.de: could not connect to host
 sectest.ml: could not connect to host
 security.love: could not connect to host
 securitymap.wiki: could not connect to host
 sellmoretires.com: could not connect to host
 semantheme.fr: could not connect to host
 servecrypt.com: could not connect to host
 servfefe.com: could not connect to host
 sesha.co.za: could not connect to host
-sgtsnookums.net: could not connect to host
 shadowplus.net: could not connect to host
 shadowrocket.net: could not connect to host
 sharevari.com: could not connect to host
 shavingks.com: could not connect to host
 sheratan.web.id: could not connect to host
 sheying.tm: could not connect to host
 shirakaba-cc.com: could not connect to host
 shopifycloud.com: could not connect to host
+shoppingreview.org: could not connect to host
 shotonwhat.com: could not connect to host
 siliconchip.me: could not connect to host
 simbolo.co.uk: could not connect to host
 simplerses.com: could not connect to host
 siqi.wang: could not connect to host
 skarox.com: could not connect to host
 skarox.net: could not connect to host
 skarox.ru: could not connect to host
@@ -543,70 +554,77 @@ skylocker.net: could not connect to host
 skylocker.nl: could not connect to host
 slovoice.org: could not connect to host
 smith.is: could not connect to host
 socialworkout.com: could not connect to host
 socialworkout.net: could not connect to host
 socialworkout.org: could not connect to host
 socialworkout.tv: could not connect to host
 socketize.com: could not connect to host
+sodiao.cc: could not connect to host
 solos.im: could not connect to host
 somali-derp.com: could not connect to host
 soulema.com: could not connect to host
 sowingseasons.com: could not connect to host
 spacountryexplorer.org.au: could not connect to host
-spdf.net: could not connect to host
+spha.info: could not connect to host
 spicywombat.com: could not connect to host
 spom.net: could not connect to host
+sportsmanadvisor.com: could not connect to host
 stadtgartenla.com: could not connect to host
 statgram.me: could not connect to host
 static-assets.io: could not connect to host
+stefanovski.io: could not connect to host
 stickswag.cf: could not connect to host
 stpip.com: could not connect to host
 stylle.me: could not connect to host
 surdam.casa: could not connect to host
+sussexwebdesigns.com: could not connect to host
 sviz.pro: could not connect to host
 takusan.ru: could not connect to host
 talktwincities.com: could not connect to host
-tbarter.com: could not connect to host
 tdsb.cf: could not connect to host
 tdsbhack.tk: could not connect to host
 techask.it: could not connect to host
+technoinfogroup.it: could not connect to host
 techpit.us: could not connect to host
 telugu4u.net: could not connect to host
 tenispopular.com: could not connect to host
 theprivacysolution.com: could not connect to host
 theresa-mayer.eu: could not connect to host
 thesehighsandlows.com: could not connect to host
 thinkcash.nl: could not connect to host
 thinktux.net: could not connect to host
+thynx.io: could not connect to host
 tierarztpraxis-weinert.de: could not connect to host
 tiliaze.info: could not connect to host
 tiliaze.net: could not connect to host
+timysewyn.be: could not connect to host
 tobi-mayer.de: could not connect to host
 totallynotaserver.com: could not connect to host
 totch.de: could not connect to host
 totot.net: could not connect to host
+traces.ml: could not connect to host
 transcendmotor.sg: could not connect to host
-treebaglia.xyz: could not connect to host
+troianet.com.br: could not connect to host
 tucidi.net: could not connect to host
 turn-sticks.com: could not connect to host
 tusb.ml: could not connect to host
 twentymilliseconds.com: could not connect to host
 twiri.net: could not connect to host
 twotube.ie: could not connect to host
 tyil.work: could not connect to host
 tykoon.com: could not connect to host
 u.nu: could not connect to host
 umsapi.com: could not connect to host
 unicorn.li: could not connect to host
 uniformehumboldt.com.br: could not connect to host
 unterschicht.tv: could not connect to host
+upr.com.ua: could not connect to host
 vadik.me: could not connect to host
-valshamar.is: could not connect to host
 vanderstraeten.dynv6.net: could not connect to host
 vapehour.com: could not connect to host
 vapeshopsupply.com: could not connect to host
 varta.io: could not connect to host
 venmos.com: could not connect to host
 versfin.net: could not connect to host
 verteilergetriebe.info: could not connect to host
 viditut.com: could not connect to host
@@ -648,35 +666,35 @@ xqin.net: could not connect to host
 xtremenutrition.com.br: could not connect to host
 yarogneva.ru: could not connect to host
 yffengshi.ml: could not connect to host
 yii2.cc: could not connect to host
 yobbelwobbel.de: could not connect to host
 youyoulemon.com: could not connect to host
 yum0.cn: could not connect to host
 yux.fr: could not connect to host
-z33.ch: could not connect to host
 zaoext.com: could not connect to host
 zberger.com: could not connect to host
 zellari.ru: could not connect to host
 zenfusion.fr: could not connect to host
 zenghx.tk: could not connect to host
 zerosource.net: could not connect to host
+zeug.co: could not connect to host
 zopyx.com: could not connect to host
 zorz.info: could not connect to host
 ztytian.com: could not connect to host
 zulu7.com: could not connect to host
 zuviel.space: could not connect to host
 zzw.ca: could not connect to host
 0-1.party: did not receive HSTS header
 0005.com: could not connect to host
 0005aa.com: could not connect to host
 007sascha.de: did not receive HSTS header
 020wifi.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 119"  data: no]
-0222aa.com: did not receive HSTS header
+0222aa.com: could not connect to host
 048.ag: could not connect to host
 050508.com: could not connect to host
 0f.io: could not connect to host
 0g.org.uk: could not connect to host
 0o0.ooo: could not connect to host
 0p.no: did not receive HSTS header
 0w0.vc: could not connect to host
 0x0a.net: could not connect to host
@@ -687,16 +705,17 @@ 0x539.pw: could not connect to host
 0x90.fi: could not connect to host
 0xa.in: could not connect to host
 0xb612.org: could not connect to host
 0xf00.ch: did not receive HSTS header
 1017scribes.com: could not connect to host
 1018hosting.nl: did not receive HSTS header
 1022996493.rsc.cdn77.org: could not connect to host
 1091.jp: could not connect to host
+10ppm.com: did not receive HSTS header
 10seos.com: did not receive HSTS header
 10tacle.io: could not connect to host
 12.net: did not receive HSTS header
 120dayweightloss.com: could not connect to host
 123.gg: could not connect to host
 123share.org: could not connect to host
 123test.de: did not receive HSTS header
 123test.es: did not receive HSTS header
@@ -1102,16 +1121,17 @@ amcvega.com: did not receive HSTS header
 amerhd.com: did not receive HSTS header
 american-truck-simulator.de: could not connect to host
 american-truck-simulator.net: could not connect to host
 americanworkwear.nl: did not receive HSTS header
 amigogeek.net: could not connect to host
 amilx.com: could not connect to host
 amilx.org: could not connect to host
 amimoto-ami.com: max-age too low: 3153600
+amin.one: did not receive HSTS header
 amishsecurity.com: could not connect to host
 amitse.com: did not receive HSTS header
 amitube.com: did not receive HSTS header
 amlvfs.net: could not connect to host
 ammoulianiapartments.com: did not receive HSTS header
 amo-entreprise-et-commerce.fr: could not connect to host
 amoory.com: could not connect to host
 amoozesh98.com: did not receive HSTS header
@@ -1186,17 +1206,16 @@ anthonyavon.com: could not connect to ho
 antimine.kr: could not connect to host
 antoine-roux.fr: could not connect to host
 antoinedeschenes.com: could not connect to host
 antoinemary.io: could not connect to host
 antoineschaller.ch: did not receive HSTS header
 antoniomarques.eu: did not receive HSTS header
 antoniorequena.com.ve: could not connect to host
 antscript.com: did not receive HSTS header
-anttitenhunen.com: could not connect to host
 anycoin.me: could not connect to host
 anymetrix.io: did not receive HSTS header
 aocast.info: could not connect to host
 aojf.fr: could not connect to host
 aomberg.com: did not receive HSTS header
 aov.io: could not connect to host
 aozora.moe: could not connect to host
 apachelounge.com: did not receive HSTS header
@@ -1242,16 +1261,17 @@ arbu.eu: max-age too low: 2419200
 arcbit.io: could not connect to host
 ardao.me: could not connect to host
 ardorlabs.se: could not connect to host
 arewedubstepyet.com: could not connect to host
 areyouever.me: did not receive HSTS header
 argennon.xyz: could not connect to host
 arguggi.co.uk: could not connect to host
 ariacreations.net: did not receive HSTS header
+arislight.com: did not receive HSTS header
 aristilabs.com: did not receive HSTS header
 arlen.io: could not connect to host
 arlen.se: could not connect to host
 armingrodon.de: max-age too low: 0
 armor.com: did not receive HSTS header
 armored.ninja: could not connect to host
 armory.consulting: could not connect to host
 armory.supplies: could not connect to host
@@ -1343,17 +1363,17 @@ authentication.io: could not connect to 
 author24.ru: did not receive HSTS header
 authoritynutrition.com: did not receive HSTS header
 auto-serwis.zgorzelec.pl: did not receive HSTS header
 auto4trade.nl: could not connect to host
 autobedarf.net: did not receive HSTS header
 autodeploy.it: could not connect to host
 autoecolebudget.ch: did not receive HSTS header
 autoeet.cz: did not receive HSTS header
-autoepc.ro: could not connect to host
+autoepc.ro: did not receive HSTS header
 autojuhos.sk: could not connect to host
 autokovrik-diskont.ru: did not receive HSTS header
 automobiles5.com: could not connect to host
 autotsum.com: could not connect to host
 autumnwindsagility.com: could not connect to host
 auverbox.ovh: could not connect to host
 aux-arts-de-la-table.com: did not receive HSTS header
 auxetek.se: could not connect to host
@@ -1474,16 +1494,17 @@ beastowner.com: did not receive HSTS hea
 beautyconcept.co: did not receive HSTS header
 beavers.io: could not connect to host
 bebeefy.uk: could not connect to host
 bebesurdoue.com: could not connect to host
 bedabox.com: max-age too low: 0
 bedeta.de: could not connect to host
 bedreid.dk: did not receive HSTS header
 bedrijvenadministratie.nl: could not connect to host
+beepan.com: did not receive HSTS header
 beerboutique.com.br: could not connect to host
 beetleroadstories.com: could not connect to host
 befundup.com: could not connect to host
 behere.be: could not connect to host
 beholdthehurricane.com: could not connect to host
 beichtgenerator.de: did not receive HSTS header
 beier.io: could not connect to host
 beikeil.de: could not connect to host
@@ -1710,17 +1731,16 @@ brandon.so: could not connect to host
 brandred.net: could not connect to host
 brandspray.com: could not connect to host
 brasilien.guide: could not connect to host
 brasilmorar.com: could not connect to host
 bratteng.xyz: could not connect to host
 bravz.de: could not connect to host
 bremensaki.com: max-age too low: 2592000
 brenden.net.au: did not receive HSTS header
-brfvh24.se: could not connect to host
 brickoo.com: could not connect to host
 brickyardbuffalo.com: did not receive HSTS header
 bridholm.se: could not connect to host
 brightstarkids.com.au: did not receive HSTS header
 brilliantbuilders.co.uk: did not receive HSTS header
 britzer-toner.de: did not receive HSTS header
 brix.ninja: did not receive HSTS header
 brks.xyz: could not connect to host
@@ -1794,17 +1814,16 @@ butterfieldstraining.com: did not receiv
 buvinghausen.com: max-age too low: 86400
 buyaccessible.gov: did not receive HSTS header
 buybaby.eu: did not receive HSTS header
 buyfox.de: did not receive HSTS header
 buzzconcert.com: could not connect to host
 buzztelco.com.au: did not receive HSTS header
 bw81.xyz: could not connect to host
 bwear4all.de: could not connect to host
-by1896.com: did not receive HSTS header
 by4cqb.cn: could not connect to host
 bydisk.com: could not connect to host
 byken.cn: did not receive HSTS header
 bynet.cz: could not connect to host
 bynumlaw.net: did not receive HSTS header
 bypassed.bid: could not connect to host
 bypassed.cc: could not connect to host
 bypassed.club: could not connect to host
@@ -1873,17 +1892,16 @@ campaignelves.com: did not receive HSTS 
 campbellsoftware.co.uk: could not connect to host
 campfire.co.il: did not receive HSTS header
 campusdrugprevention.gov: did not receive HSTS header
 camsanalytics.com: could not connect to host
 canadiangamblingchoice.com: did not receive HSTS header
 candicontrols.com: did not receive HSTS header
 candratech.com: could not connect to host
 candygirl.shop: could not connect to host
-canlidoviz.com: did not receive HSTS header
 canyonshoa.com: did not receive HSTS header
 capecycles.co.za: did not receive HSTS header
 capeyorkfire.com.au: did not receive HSTS header
 capogna.com: could not connect to host
 captchatheprize.com: could not connect to host
 captianseb.de: could not connect to host
 captivatedbytabrett.com: could not connect to host
 car-navi.ph: did not receive HSTS header
@@ -1905,17 +1923,17 @@ carsforbackpackers.com: could not connec
 cartesunicef.be: did not receive HSTS header
 carwashvapeur.be: could not connect to host
 casc.cz: did not receive HSTS header
 casedi.org: max-age too low: 0
 casefall.com: could not connect to host
 cash-pos.com: could not connect to host
 cashmyphone.ch: could not connect to host
 casino-cashflow.ru: did not receive HSTS header
-casinostest.com: did not receive HSTS header
+casinostest.com: could not connect to host
 casioshop.eu: did not receive HSTS header
 casovi.cf: could not connect to host
 castagnonavocats.com: did not receive HSTS header
 cata.ga: could not connect to host
 catalin.pw: could not connect to host
 catarsisvr.com: could not connect to host
 catinmay.com: did not receive HSTS header
 catnapstudios.com: could not connect to host
@@ -2042,17 +2060,16 @@ cigi.site: could not connect to host
 ciicutini.ro: did not receive HSTS header
 cim2b.de: could not connect to host
 cimalando.eu: could not connect to host
 cinartelorgu.com: did not receive HSTS header
 cintdirect.com: could not connect to host
 cioconference.co.nz: could not connect to host
 ciplanutrition.com: did not receive HSTS header
 cirrohost.com: did not receive HSTS header
-cirrus0.de: did not receive HSTS header
 ciscohomeanalytics.com: could not connect to host
 ciscommerce.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 119"  data: no]
 citiagent.cz: could not connect to host
 cityoflaurel.org: did not receive HSTS header
 cium.ru: could not connect to host
 cjcaron.org: could not connect to host
 claimit.ml: could not connect to host
 clan-ww.com: did not receive HSTS header
@@ -2165,39 +2182,40 @@ colognegaming.net: could not connect to 
 coloradocomputernetworking.net: could not connect to host
 colorlib.com: did not receive HSTS header
 colorunhas.com.br: could not connect to host
 comfortdom.ua: did not receive HSTS header
 comfortticket.de: did not receive HSTS header
 comfy.cafe: did not receive HSTS header
 comfy.moe: did not receive HSTS header
 comicspines.com: could not connect to host
-comicspornos.com: max-age too low: 2592000
 comitesaustria.at: could not connect to host
 comiteshopping.com: could not connect to host
 commercialplanet.eu: could not connect to host
 commune-preuilly.fr: did not receive HSTS header
 comotalk.com: could not connect to host
 compalytics.com: could not connect to host
 comparamejor.com: did not receive HSTS header
 compareinsurance.com.au: did not receive HSTS header
 comparejewelleryprices.co.uk: could not connect to host
 comparetravelinsurance.com.au: did not receive HSTS header
 compassionate-biology.com: could not connect to host
 compiledworks.com: could not connect to host
 completionist.audio: could not connect to host
 complymd.com: did not receive HSTS header
 compraneta.com: did not receive HSTS header
+compubench.com: did not receive HSTS header
 compucorner.com.mx: could not connect to host
 computeremergency.com.au: did not receive HSTS header
 computersystems.guru: did not receive HSTS header
 computertal.de: could not connect to host
 concentrade.de: did not receive HSTS header
 concord-group.co.jp: did not receive HSTS header
 confirm365.com: could not connect to host
+conflux.tw: did not receive HSTS header
 conformal.com: could not connect to host
 cong5.net: could not connect to host
 congz.me: could not connect to host
 conjugacao.com.br: did not receive HSTS header
 connect.ua: could not connect to host
 connected-verhuurservice.nl: did not receive HSTS header
 connectfss.com: could not connect to host
 consciousandglamorous.com: could not connect to host
@@ -2415,17 +2433,16 @@ darkanzali.pl: max-age too low: 0
 darkfriday.ddns.net: could not connect to host
 darkhole.cn: did not receive HSTS header
 darkkeepers.dk: could not connect to host
 darknebula.space: could not connect to host
 darkpony.ru: could not connect to host
 darksideof.it: could not connect to host
 darkstance.org: could not connect to host
 darktree.in: could not connect to host
-darkwater.info: did not receive HSTS header
 daropia.org: could not connect to host
 darrenellis.xyz: did not receive HSTS header
 dash-board.jp: did not receive HSTS header
 dash.rocks: max-age too low: 0
 dashburst.com: did not receive HSTS header
 dashnimorad.com: did not receive HSTS header
 data-abundance.com: could not connect to host
 data.haus: could not connect to host
@@ -2453,17 +2470,17 @@ db.gy: could not connect to host
 dbx.ovh: could not connect to host
 dcaracing.nl: could not connect to host
 dccode.gov: could not connect to host
 dccraft.net: could not connect to host
 dcl.re: did not receive HSTS header
 dcuofriends.net: could not connect to host
 dcurt.is: did not receive HSTS header
 dcw.io: did not receive HSTS header
-ddatsh.com: did not receive HSTS header
+ddatsh.com: could not connect to host
 debank.tv: did not receive HSTS header
 debatch.se: could not connect to host
 debian-vhost.de: did not receive HSTS header
 debiton.dk: could not connect to host
 debtkit.co.uk: did not receive HSTS header
 debtprotectionreporting.com: did not receive HSTS header
 decafu.co: could not connect to host
 decesus.com: could not connect to host
@@ -2548,16 +2565,17 @@ dhpiggott.net: did not receive HSTS head
 diablotine.rocks: could not connect to host
 diagnosia.com: did not receive HSTS header
 diamondcare.com.br: could not connect to host
 dianlujitao.com: did not receive HSTS header
 diannaobos.com: did not receive HSTS header
 dicando.com: max-age too low: 2592000
 dicelab.co.uk: could not connect to host
 dicionariofinanceiro.com: did not receive HSTS header
+dicoding.com: did not receive HSTS header
 dieb.photo: could not connect to host
 dierenkruiden.nl: could not connect to host
 diewebstube.de: could not connect to host
 diezel.com: could not connect to host
 diferenca.com: did not receive HSTS header
 digired.xyz: could not connect to host
 digitalbank.kz: could not connect to host
 digitaldaddy.net: could not connect to host
@@ -2719,16 +2737,17 @@ drtti.io: could not connect to host
 drumbandesperanto.nl: did not receive HSTS header
 drupal123.com: did not receive HSTS header
 drycreekapiary.com: could not connect to host
 ds-christiansen.de: could not connect to host
 dshiv.io: could not connect to host
 dtub.co: could not connect to host
 dualias.xyz: could not connect to host
 dubik.su: did not receive HSTS header
+dudesunderwear.com.br: did not receive HSTS header
 duelysthub.com: could not connect to host
 duerls.de: did not receive HSTS header
 dukec.me: could not connect to host
 dullsir.com: did not receive HSTS header
 dungi.org: could not connect to host
 duongpho.com: did not receive HSTS header
 duskopy.top: could not connect to host
 dutchessuganda.com: did not receive HSTS header
@@ -2768,16 +2787,17 @@ eauclairecommerce.com: could not connect
 ebankcbt.com: could not connect to host
 ebcs-solutions.com: did not receive HSTS header
 ebecs.com: did not receive HSTS header
 ebertek.com: did not receive HSTS header
 ebiografia.com: did not receive HSTS header
 ebiografias.com.br: did not receive HSTS header
 ebolsa.com.br: did not receive HSTS header
 ebolsas.com.br: did not receive HSTS header
+ebooksgratuits.org: did not receive HSTS header
 ebp2p.com: did not receive HSTS header
 ebpglobal.com: did not receive HSTS header
 ebraph.com: could not connect to host
 ec-hasslau.de: did not receive HSTS header
 ecake.in: could not connect to host
 ecc-kaufbeuren.de: could not connect to host
 ecdn.cz: could not connect to host
 ecfs.link: could not connect to host
@@ -2971,17 +2991,16 @@ eru.me: did not receive HSTS header
 erwinvanlonden.net: did not receive HSTS header
 escalate.eu: could not connect to host
 escotour.com: could not connect to host
 esec.rs: did not receive HSTS header
 esko.bar: could not connect to host
 esln.org: did not receive HSTS header
 esn-ypci.com: could not connect to host
 esocweb.com: could not connect to host
-esp.community: did not receive HSTS header
 esp8285.store: could not connect to host
 espacemontmorency.com: did not receive HSTS header
 especificosba.com.mx: could not connect to host
 espo.com.ua: did not receive HSTS header
 espra.com: could not connect to host
 esquonic.com: could not connect to host
 essenzialeenxovais.com.br: could not connect to host
 essexghosthunters.co.uk: did not receive HSTS header
@@ -3097,16 +3116,17 @@ fam-weyer.de: did not receive HSTS heade
 fame-agency.net: could not connect to host
 familie-sprink.de: could not connect to host
 familie-zimmermann.at: could not connect to host
 famio.cn: could not connect to host
 fanflow.com: did not receive HSTS header
 fantasyfootballpundit.com: did not receive HSTS header
 fanyl.cn: could not connect to host
 farces.com: did not receive HSTS header
+farhadexchange.com: did not receive HSTS header
 farwat.ru: did not receive HSTS header
 fashion.net: did not receive HSTS header
 fashioncare.cz: did not receive HSTS header
 fashionholic.my: did not receive HSTS header
 fasset.jp: could not connect to host
 fastcomcorp.com: did not receive HSTS header
 fastcomcorp.net: did not receive HSTS header
 fastograph.com: could not connect to host
@@ -3124,17 +3144,16 @@ fdj.im: could not connect to host
 fdt.name: did not receive HSTS header
 feard.space: could not connect to host
 fedn.it: could not connect to host
 fedo.moe: could not connect to host
 feedthebot.com: did not receive HSTS header
 feezmodo.com: did not receive HSTS header
 fefore.com: could not connect to host
 fegans.org.uk: did not receive HSTS header
-feirlane.org: could not connect to host
 felisslovakia.sk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 119"  data: no]
 feliwyn.fr: did not receive HSTS header
 felixrr.pro: could not connect to host
 femaledom.xyz: could not connect to host
 feminists.co: could not connect to host
 fenno.net: could not connect to host
 fensdorf.de: did not receive HSTS header
 fenteo.com: could not connect to host
@@ -3284,16 +3303,17 @@ frankwei.xyz: did not receive HSTS heade
 franta.biz: did not receive HSTS header
 franta.email: did not receive HSTS header
 franzt.de: could not connect to host
 frasesdeamizade.pt: could not connect to host
 frasesytarjetas.com: did not receive HSTS header
 frasys.io: did not receive HSTS header
 frau-inge.de: could not connect to host
 fraudempire.com: could not connect to host
+frederik-braun.com: did not receive HSTS header
 freeflow.tv: could not connect to host
 freelanced.co.za: could not connect to host
 freelo.cz: did not receive HSTS header
 freematthale.net: did not receive HSTS header
 freesoftwaredriver.com: did not receive HSTS header
 freethought.org.au: could not connect to host
 freeutopia.org: did not receive HSTS header
 freqlabs.com: did not receive HSTS header
@@ -3407,20 +3427,21 @@ garciamartin.me: could not connect to ho
 garcinia--cambogia.com: could not connect to host
 garden.trade: could not connect to host
 gardencarezone.com: did not receive HSTS header
 garfieldairlines.net: did not receive HSTS header
 gatapro.net: could not connect to host
 gatorsa.es: did not receive HSTS header
 gaussorgues.me: could not connect to host
 gdegem.org: did not receive HSTS header
-gdz.tv: did not receive HSTS header
 gebn.co.uk: did not receive HSTS header
 gebn.uk: could not connect to host
 gedankenbude.info: could not connect to host
+geek.com.tw: did not receive HSTS header
+geek.tw: did not receive HSTS header
 geekcast.co.uk: did not receive HSTS header
 geekmind.org: max-age too low: 172800
 geeks.lgbt: could not connect to host
 geeky.software: could not connect to host
 geemo.top: could not connect to host
 geeq.ch: could not connect to host
 geli-graphics.com: did not receive HSTS header
 gemsoftheworld.org: could not connect to host
@@ -3468,17 +3489,17 @@ getpake.com: could not connect to host
 getremembrall.com: could not connect to host
 getronics.care: could not connect to host
 getsello.com: could not connect to host
 getspeaker.com: did not receive HSTS header
 getwashdaddy.com: could not connect to host
 gfm.tech: could not connect to host
 gfournier.ca: could not connect to host
 gfwsb.ml: could not connect to host
-ggs-marschallstrasse.de: did not receive HSTS header
+gfxbench.com: did not receive HSTS header
 ggss.ml: could not connect to host
 gh16.com.ar: could not connect to host
 gheorghe-sarcov.ga: could not connect to host
 gheorghesarcov.ga: could not connect to host
 gheorghesarcov.tk: could not connect to host
 ghkim.net: could not connect to host
 ghostcir.com: could not connect to host
 giakki.eu: could not connect to host
@@ -3650,16 +3671,17 @@ gryffin.ml: could not connect to host
 gryffin.tk: could not connect to host
 gsm-map.com: could not connect to host
 gsnort.com: did not receive HSTS header
 gtamodshop.org: could not connect to host
 gtanda.tk: could not connect to host
 gtech.work: did not receive HSTS header
 gtldna.com: could not connect to host
 gtlfsonlinepay.com: did not receive HSTS header
+gtopala.com: did not receive HSTS header
 gtraxapp.com: could not connect to host
 gts-schulsoftware.de: did not receive HSTS header
 guava.studio: did not receive HSTS header
 guentherhouse.com: did not receive HSTS header
 guenthernoack.de: could not connect to host
 guffrits.com: could not connect to host
 guge.gq: could not connect to host
 gugga.dk: could not connect to host
@@ -3853,17 +3875,16 @@ hightower.eu: could not connect to host
 highvelocitydesign.com: could not connect to host
 hiisukun.com: could not connect to host
 hiitcentre.com: did not receive HSTS header
 hikariempire.com: could not connect to host
 hikinggearlab.com: did not receive HSTS header
 hilinemerchandising.com: did not receive HSTS header
 hillcity.org.nz: did not receive HSTS header
 hilnu.tk: could not connect to host
-himens.com: did not receive HSTS header
 hintergedanken.com: did not receive HSTS header
 hipercultura.com: did not receive HSTS header
 hiphopconvention.nl: could not connect to host
 hipnos.net: did not receive HSTS header
 hiqhub.co.uk: could not connect to host
 hirefitness.co.uk: did not receive HSTS header
 hirevets.gov: could not connect to host
 hirokilog.com: could not connect to host
@@ -3964,17 +3985,16 @@ huskybutt.dog: could not connect to host
 hyatt.com: did not receive HSTS header
 hydra.ws: did not receive HSTS header
 hydrodipcenter.nl: did not receive HSTS header
 hydronium.cf: could not connect to host
 hydronium.ga: could not connect to host
 hydronium.me: could not connect to host
 hydronium.ml: could not connect to host
 hydronium.tk: could not connect to host
-hydronyx.me: could not connect to host
 hypa.net.au: did not receive HSTS header
 hyper69.com: did not receive HSTS header
 hypnoresults.com.au: did not receive HSTS header
 hypnos.hu: did not receive HSTS header
 hysg.me: could not connect to host
 i-jp.net: could not connect to host
 i-partners.sk: did not receive HSTS header
 i-rickroll-n.pw: could not connect to host
@@ -4030,21 +4050,20 @@ ifx.ee: could not connect to host
 igforums.com: could not connect to host
 igiftcards.nl: did not receive HSTS header
 ignatisd.gr: did not receive HSTS header
 igule.net: could not connect to host
 ihrlotto.de: could not connect to host
 ihrnationalrat.ch: could not connect to host
 ihsbsd.me: could not connect to host
 ihsbsd.tk: could not connect to host
-iiong.com: did not receive HSTS header
 iispeed.com: did not receive HSTS header
 ijn-dd.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 119"  data: no]
 ijoda.com: did not receive HSTS header
-ikon.name: could not connect to host
+ikon.name: did not receive HSTS header
 ikwilguidobellen.nl: could not connect to host
 ilbuongiorno.it: did not receive HSTS header
 ilgi.work: could not connect to host
 ilikerainbows.co: could not connect to host
 ilikerainbows.co.uk: could not connect to host
 ilikfreshweedstores.com: did not receive HSTS header
 ilmconpm.de: did not receive HSTS header
 ilona.graphics: did not receive HSTS header
@@ -4130,16 +4149,17 @@ inplacers.ru: did not receive HSTS heade
 inquisitive.io: did not receive HSTS header
 insane-bullets.com: could not connect to host
 insite-feedback.com: did not receive HSTS header
 inspire-av.com: did not receive HSTS header
 inspiroinc.com: could not connect to host
 instacart.com: did not receive HSTS header
 instant-hack.com: did not receive HSTS header
 instantdev.io: could not connect to host
+instantkhabar.com: did not receive HSTS header
 instinctiveads.com: did not receive HSTS header
 institutoflordelavida.com: could not connect to host
 instruktor.io: could not connect to host
 intel.li: could not connect to host
 interboursegeneva.ch: did not receive HSTS header
 interference.io: could not connect to host
 interhosts.co.za: could not connect to host
 interim-cto.de: could not connect to host
@@ -4160,16 +4180,17 @@ intimateperrierjouet.com: could not conn
 intimici.com.br: could not connect to host
 intimtoy.com.ua: could not connect to host
 intranetsec.fr: could not connect to host
 intrp.net: did not receive HSTS header
 inverselink-user-content.com: could not connect to host
 inverselink.com: could not connect to host
 investnext.com: max-age too low: 43200
 invictusmc.uk: could not connect to host
+inviosolutions.com: max-age too low: 0
 invite24.pro: could not connect to host
 iolife.dk: could not connect to host
 ionas-law.ro: did not receive HSTS header
 iop.intuit.com: max-age too low: 86400
 iora.fr: could not connect to host
 iosmods.com: did not receive HSTS header
 iostips.ru: could not connect to host
 ip6.im: did not receive HSTS header
@@ -4262,17 +4283,16 @@ j-rickroll-a.pw: could not connect to ho
 ja-publications.com: did not receive HSTS header
 jaan.su: could not connect to host
 jabbari.io: did not receive HSTS header
 jackalworks.com: could not connect to host
 jackdoan.com: did not receive HSTS header
 jackfahnestock.com: could not connect to host
 jacobparry.ca: did not receive HSTS header
 jagido.de: did not receive HSTS header
-jaguarwong.xyz: could not connect to host
 jahliveradio.com: could not connect to host
 jamanji.com.ng: could not connect to host
 james-parker.com: did not receive HSTS header
 james.je: could not connect to host
 jamesachambers.com: could not connect to host
 jamesandpame.la: could not connect to host
 jamesburton.london: could not connect to host
 jamesbywater.co.uk: could not connect to host
@@ -4448,16 +4468,17 @@ junjung.me: max-age too low: 0
 junqtion.com: could not connect to host
 jupp0r.de: did not receive HSTS header
 justiceforfathers.com: could not connect to host
 justinlemay.com: could not connect to host
 justlikethat.hosting: did not receive HSTS header
 justnaw.co.uk: could not connect to host
 justudin.com: did not receive HSTS header
 justwood.cz: did not receive HSTS header
+jutella.de: did not receive HSTS header
 juvenex.co: could not connect to host
 juwairen.cn: could not connect to host
 jvoice.net: could not connect to host
 jwilsson.me: could not connect to host
 jxm.in: could not connect to host
 jysperm.me: did not receive HSTS header
 jznet.org: could not connect to host
 k-dev.de: could not connect to host
@@ -4588,17 +4609,17 @@ klaxn.org: could not connect to host
 klean-ritekc.com: did not receive HSTS header
 kleertjesvoordelig.nl: could not connect to host
 kleinerarchitekturfuehrer.de: could not connect to host
 kleppe.co: could not connect to host
 kletterkater.com: did not receive HSTS header
 klicktojob.de: could not connect to host
 klunkergarten.org: could not connect to host
 knapen.io: max-age too low: 604800
-knccloud.com: did not receive HSTS header
+knccloud.com: could not connect to host
 kngk-transavto.ru: could not connect to host
 knigadel.com: did not receive HSTS header
 knightsbridgegroup.org: could not connect to host
 knowdebt.org: did not receive HSTS header
 knowledgesnap.com: could not connect to host
 knowledgesnapsites.com: could not connect to host
 koddsson.com: did not receive HSTS header
 kode-it.de: could not connect to host
@@ -4613,16 +4634,17 @@ koik.io: could not connect to host
 kojima-life.co.jp: max-age too low: 0
 kokenmetaanbiedingen.nl: did not receive HSTS header
 kola-entertainments.de: did not receive HSTS header
 kolaykaydet.com: did not receive HSTS header
 kolozsvaricsuhe.hu: did not receive HSTS header
 komikito.com: could not connect to host
 kompetenzwerft.de: did not receive HSTS header
 konata.us: could not connect to host
+konkurs.ba: did not receive HSTS header
 kontaxis.network: could not connect to host
 koopjesnel.nl: could not connect to host
 koordinate.net: could not connect to host
 kori.ml: did not receive HSTS header
 koriyoukai.net: did not receive HSTS header
 kornersafe.com: did not receive HSTS header
 korni22.org: did not receive HSTS header
 korsanparti.org: could not connect to host
@@ -4724,17 +4746,16 @@ landhuisverkopen.nl: could not connect t
 landscape.canonical.com: max-age too low: 2592000
 landscapingmedic.com: could not connect to host
 langenbach.rocks: could not connect to host
 langendries.eu: could not connect to host
 langhun.me: did not receive HSTS header
 laniakean.com: did not receive HSTS header
 lanzainc.xyz: did not receive HSTS header
 laobox.fr: could not connect to host
-laospage.com: did not receive HSTS header
 laplaceduvillage.net: could not connect to host
 laplanetebleue.com: did not receive HSTS header
 laquack.com: could not connect to host
 laredsemanario.com: could not connect to host
 lasercloud.ml: could not connect to host
 laserfuchs.de: did not receive HSTS header
 lashstuff.com: did not receive HSTS header
 lastpass.com: did not receive HSTS header
@@ -4812,16 +4833,17 @@ lez-cuties.com: could not connect to hos
 lfullerdesign.com: could not connect to host
 lg21.co: could not connect to host
 lgiswa.com.au: did not receive HSTS header
 lgrs.com.au: did not receive HSTS header
 lgts.se: could not connect to host
 liaillustr.at: did not receive HSTS header
 liam-w.com: did not receive HSTS header
 liamjack.fr: could not connect to host
+liangji.com.tw: did not receive HSTS header
 lianye.in: did not receive HSTS header
 lianyexiuchang.in: could not connect to host
 liaoshuma.com: could not connect to host
 libanco.com: could not connect to host
 libertyrp.org: did not receive HSTS header
 library.linode.com: did not receive HSTS header
 librechan.net: could not connect to host
 libreduca.com: could not connect to host
@@ -5159,31 +5181,31 @@ matsuz.com: could not connect to host
 matt.tf: did not receive HSTS header
 mattandreko.com: did not receive HSTS header
 matterconcern.com: could not connect to host
 mattfin.ch: could not connect to host
 matthewprenger.com: could not connect to host
 matthiassteen.be: max-age too low: 0
 mattressinsider.com: max-age too low: 3153600
 mattsvensson.com: max-age too low: 0
-mattwservices.co.uk: did not receive HSTS header
 matty.digital: did not receive HSTS header
 maultrom.ml: could not connect to host
 maupiknik.com: did not receive HSTS header
 maur.cz: did not receive HSTS header
 maurus-automation.de: did not receive HSTS header
 mausi.co: did not receive HSTS header
 mavisang.cf: could not connect to host
 mawe.red: could not connect to host
 maximov.space: could not connect to host
 maxr1998.de: did not receive HSTS header
 maxserver.com: did not receive HSTS header
 maya.mg: could not connect to host
 mazyun.com: max-age too low: 3600
 mazz-tech.com: could not connect to host
+mazzotta.me: did not receive HSTS header
 mbconsultancy.nu: did not receive HSTS header
 mc81.com: could not connect to host
 mca2017.org: did not receive HSTS header
 mcard.vn: did not receive HSTS header
 mcc.re: could not connect to host
 mccarty.io: could not connect to host
 mcdonalds.ru: did not receive HSTS header
 mcga.media: could not connect to host
@@ -5649,16 +5671,17 @@ nedwave.com: could not connect to host
 nedzad.me: could not connect to host
 neftaly.com: did not receive HSTS header
 negativzinsen.info: did not receive HSTS header
 neilgreen.net: did not receive HSTS header
 neko-life.com: did not receive HSTS header
 neko-system.com: did not receive HSTS header
 nemno.de: could not connect to host
 nemovement.org: could not connect to host
+neo19.com: did not receive HSTS header
 neoani.me: could not connect to host
 neofelhz.space: could not connect to host
 neonisi.com: could not connect to host
 neonnuke.tech: did not receive HSTS header
 neosolution.ca: did not receive HSTS header
 nepustil.net: did not receive HSTS header
 nerd42.de: could not connect to host
 neris.io: could not connect to host
@@ -5865,26 +5888,27 @@ ofcourselanguages.com: could not connect
 offenedialoge.de: max-age too low: 2592000
 officeclub.com.mx: did not receive HSTS header
 offshore-firma.org: could not connect to host
 offshore-unternehmen.com: could not connect to host
 offshorefirma-gruenden.com: could not connect to host
 offshoremarineparts.com: did not receive HSTS header
 oficinadocelular.com.br: could not connect to host
 oganek.ie: could not connect to host
-oganime.com: did not receive HSTS header
+oganime.com: could not connect to host
 ogogoshop.com: could not connect to host
 ohling.org: could not connect to host
 ohm2013.org: did not receive HSTS header
 ohsocool.org: could not connect to host
 ohyooo.com: could not connect to host
 oiepoie.nl: could not connect to host
 oishioffice.com: did not receive HSTS header
 ojls.co: could not connect to host
 okane.love: could not connect to host
+oke.com.tw: did not receive HSTS header
 okok-rent.com: could not connect to host
 okok.rent: could not connect to host
 okutama.in.th: could not connect to host
 olafnorge.de: did not receive HSTS header
 olanderflorist.com: could not connect to host
 olcso-vps-szerver.hu: could not connect to host
 oldchaphome.nl: could not connect to host
 oldoakflorist.com: could not connect to host
@@ -5892,17 +5916,16 @@ oliverdunk.com: did not receive HSTS hea
 ollehbizev.co.kr: could not connect to host
 olswangtrainees.com: could not connect to host
 omacostudio.com: could not connect to host
 omgaanmetidealen.com: could not connect to host
 ominto.com: did not receive HSTS header
 omniscimus.net: could not connect to host
 omniti.com: max-age too low: 1
 omquote.gq: could not connect to host
-omsdieppe.fr: did not receive HSTS header
 omskit.ru: did not receive HSTS header
 omyogarishikesh.com: did not receive HSTS header
 one-pe.com: did not receive HSTS header
 onearth.one: did not receive HSTS header
 oneb4nk.com: could not connect to host
 onecycling.my: could not connect to host
 onecycling.world: could not connect to host
 onefour.co: could not connect to host
@@ -5993,17 +6016,16 @@ oroweatorganic.com: could not connect to
 orthodoxy.lt: did not receive HSTS header
 orwell1984.today: did not receive HSTS header
 osaiyuwu.com: could not connect to host
 oscloud.com: could not connect to host
 oscloud.com.ua: could not connect to host
 oscreen.me: could not connect to host
 oscreen.org: could not connect to host
 osdls.gov: could not connect to host
-oshrc.gov: did not receive HSTS header
 oslfoundation.org: could not connect to host
 osp.cx: could not connect to host
 ossan-kobe-gourmet.com: did not receive HSTS header
 ossbinaries.com: could not connect to host
 osteammate.com: could not connect to host
 ostendorf.com: did not receive HSTS header
 osticketawesome.com: did not receive HSTS header
 oswaldmattgroup.com: did not receive HSTS header
@@ -6023,17 +6045,16 @@ ouvirmusica.com.br: did not receive HSTS
 ovenapp.io: did not receive HSTS header
 override.io: did not receive HSTS header
 oversight.io: could not connect to host
 ovuscloud.de: could not connect to host
 ovvy.net: did not receive HSTS header
 owennelson.me: could not connect to host
 owncloud.help: could not connect to host
 ownmovies.fr: could not connect to host
-oxro.co: did not receive HSTS header
 oxygenabsorbers.com: did not receive HSTS header
 oxynux.fr: could not connect to host
 oyste.in: could not connect to host
 ozoz.cc: could not connect to host
 p-rickroll-o.pw: could not connect to host
 p.linode.com: could not connect to host
 p1c.pw: could not connect to host
 p3.marketing: did not receive HSTS header
@@ -6120,16 +6141,17 @@ paxdei.com.br: could not connect to host
 paxwinkel.nl: did not receive HSTS header
 pay.gigahost.dk: did not receive HSTS header
 paybro.eu: did not receive HSTS header
 payfreez.com: could not connect to host
 payments-reference.org: could not connect to host
 payments.google.com: did not receive HSTS header (error ignored - included regardless)
 payroll.ch: could not connect to host
 paytwopay.com: could not connect to host
+pback.se: did not receive HSTS header
 pbapp.net: did not receive HSTS header
 pbbr.com: did not receive HSTS header
 pbprint.ru: did not receive HSTS header
 pc-nf.de: did not receive HSTS header
 pcat.io: could not connect to host
 pcfun.net: could not connect to host
 pchax.net: could not connect to host
 pchospital.cc: did not receive HSTS header
@@ -6275,16 +6297,17 @@ play.google.com: did not receive HSTS he
 playerhunter.com: did not receive HSTS header
 playerscout.net: did not receive HSTS header
 playflick.com: did not receive HSTS header
 playmaker.io: could not connect to host
 playnation.io: could not connect to host
 pleasure.forsale: could not connect to host
 pleier-it.de: did not receive HSTS header
 pleier.it: did not receive HSTS header
+plextv.de: did not receive HSTS header
 plfgr.eu.org: could not connect to host
 plhdb.org: did not receive HSTS header
 plirt.ru: could not connect to host
 plixer.com: did not receive HSTS header
 plogable.co: could not connect to host
 plombirator.kz: did not receive HSTS header
 plothost.com: did not receive HSTS header
 ploup.net: could not connect to host
@@ -6341,16 +6364,17 @@ postback.io: could not connect to host
 postcodewise.co.uk: could not connect to host
 posterspy.com: did not receive HSTS header
 postscheduler.org: could not connect to host
 posylka.de: did not receive HSTS header
 potatoheads.net: could not connect to host
 potbar.com: could not connect to host
 potlytics.com: could not connect to host
 potsky.com: did not receive HSTS header
+pourmesloisirs.com: did not receive HSTS header
 poussinooz.fr: could not connect to host
 povitria.net: could not connect to host
 power-l.ch: did not receive HSTS header
 power-of-interest.com: could not connect to host
 power99press.com: did not receive HSTS header
 poweroff.win: could not connect to host
 powerplannerapp.com: did not receive HSTS header
 powershift.ne.jp: did not receive HSTS header
@@ -6467,17 +6491,17 @@ purplemoon.mobi: did not receive HSTS he
 purplestar.mobi: did not receive HSTS header
 purpoz.com.br: could not connect to host
 push.world: did not receive HSTS header
 pushapp.org: did not receive HSTS header
 pwd.ovh: could not connect to host
 pwm.jp: could not connect to host
 pwnsdx.pw: could not connect to host
 pyol.org: could not connect to host
-pypi-mirrors.org: did not receive HSTS header
+pypi-mirrors.org: could not connect to host
 pypi-status.org: could not connect to host
 pyplo.org: did not receive HSTS header
 pypt.lt: did not receive HSTS header
 pyrrhonism.org: could not connect to host
 pythonic.guru: could not connect to host
 pythonic.training: could not connect to host
 pzgreni.ch: did not receive HSTS header
 pzme.me: could not connect to host
@@ -6790,17 +6814,16 @@ rubecodeberg.com: could not connect to h
 rubenschulz.nl: could not connect to host
 rubi-ka.net: max-age too low: 0
 ruborr.se: did not receive HSTS header
 rubysecurity.org: did not receive HSTS header
 rubyshop.nl: max-age too low: 604800
 rudeotter.com: did not receive HSTS header
 rugirlfriend.com: could not connect to host
 rugs.ca: did not receive HSTS header
-ruhr3.de: did not receive HSTS header
 ruig.jp: could not connect to host
 ruiming.me: did not receive HSTS header
 ruitershoponline.nl: did not receive HSTS header
 rumoterra.com.br: could not connect to host
 runawebinar.nl: could not connect to host
 runhardt.eu: did not receive HSTS header
 runtl.com: did not receive HSTS header
 runtondev.com: did not receive HSTS header
@@ -7036,16 +7059,17 @@ serbien.guide: could not connect to host
 serenitycreams.com: did not receive HSTS header
 serfdom.io: did not receive HSTS header
 serized.pw: could not connect to host
 serverangels.co.uk: could not connect to host
 servercode.ca: did not receive HSTS header
 serverdensity.io: did not receive HSTS header
 servergno.me: did not receive HSTS header
 servermonkey.nl: could not connect to host
+servicevie.com: did not receive HSTS header
 servious.org: could not connect to host
 servu.de: did not receive HSTS header
 seryo.moe: could not connect to host
 seryo.net: could not connect to host
 sessionslogning.dk: could not connect to host
 setphaserstostun.org: could not connect to host
 setuid.de: could not connect to host
 setuid.io: did not receive HSTS header
@@ -7171,16 +7195,17 @@ sirius-lee.net: could not connect to hos
 sitehost.io: did not receive HSTS header
 sitennisclub.com: did not receive HSTS header
 siterip.org: could not connect to host
 sites.google.com: did not receive HSTS header (error ignored - included regardless)
 sitesforward.com: did not receive HSTS header
 sitesten.com: did not receive HSTS header
 sixtwentyten.com: did not receive HSTS header
 sizingservers.be: did not receive HSTS header
+skei.org: did not receive HSTS header
 ski-insurance.com.au: did not receive HSTS header
 skidstresser.com: did not receive HSTS header
 skillproxy.com: could not connect to host
 skillproxy.net: could not connect to host
 skillproxy.org: could not connect to host
 skk.io: could not connect to host
 skoda-clever-lead.de: could not connect to host
 skoda-nurdiebesten.de: did not receive HSTS header
@@ -7381,17 +7406,16 @@ ssmato.me: could not connect to host
 ssn1.ru: did not receive HSTS header
 sspanda.com: could not connect to host
 ssworld.ga: could not connect to host
 staack.com: could not connect to host
 stabletoken.com: could not connect to host
 stackfiles.io: could not connect to host
 stadjerspasonline.nl: could not connect to host
 stadtbauwerk.at: did not receive HSTS header
-stadterneuerung-hwb.de: did not receive HSTS header
 staffjoy.com: did not receive HSTS header
 staffjoystaging.com: could not connect to host
 stahl.xyz: could not connect to host
 stalkerhispano.com: max-age too low: 0
 stalschermer.nl: could not connect to host
 standardssuck.org: did not receive HSTS header
 standingmist.com: did not receive HSTS header
 stannahtrapliften.nl: did not receive HSTS header
@@ -7475,16 +7499,17 @@ studenttravel.cz: did not receive HSTS h
 studinf.xyz: could not connect to host
 studio-panic.com: did not receive HSTS header
 studiozelden.com: did not receive HSTS header
 studybay.com: did not receive HSTS header
 studydrive.net: did not receive HSTS header
 studyhub.cf: did not receive HSTS header
 stugb.de: did not receive HSTS header
 sturbock.me: did not receive HSTS header
+sturdio.com.br: did not receive HSTS header
 stylenda.com: could not connect to host
 stytt.com: could not connect to host
 subbing.work: could not connect to host
 subdimension.org: could not connect to host
 subeesu.com: could not connect to host
 subhacker.net: did not receive HSTS header
 subsys.no: did not receive HSTS header
 subtitle.rip: could not connect to host
@@ -7528,17 +7553,17 @@ superuser.fi: could not connect to host
 superwally.org: could not connect to host
 supes.io: did not receive HSTS header
 support4server.de: did not receive HSTS header
 suprlink.net: could not connect to host
 supweb.ovh: did not receive HSTS header
 surfeasy.com: did not receive HSTS header
 surfone-leucate.com: did not receive HSTS header
 survivalistplanet.com: could not connect to host
-sussexwebdesigns.info: did not receive HSTS header
+sussexwebdesigns.info: could not connect to host
 suzukikenichi.com: did not receive HSTS header
 svatba-frantovi.cz: could not connect to host
 svenluijten.com: did not receive HSTS header
 svenskacasino.com: did not receive HSTS header
 svenskaservern.se: did not receive HSTS header
 svetjakonadlani.cz: did not receive HSTS header
 swaleacademiestrust.org.uk: max-age too low: 2592000
 swdatlantico.pt: could not connect to host
@@ -7628,16 +7653,17 @@ tasmansecurity.com: could not connect to
 tassup.com: could not connect to host
 tastyyy.co: could not connect to host
 tatilbus.com: did not receive HSTS header
 tatt.io: could not connect to host
 tauchkater.de: could not connect to host
 tavoittaja.fi: did not receive HSTS header
 tavopica.lt: did not receive HSTS header
 taxbench.com: could not connect to host
+taxi-24std.de: did not receive HSTS header
 taxiindenbosch.nl: did not receive HSTS header
 taxsnaps.co.nz: did not receive HSTS header
 tazz.in: could not connect to host
 tbspace.de: did not receive HSTS header
 tc-bonito.de: did not receive HSTS header
 tcao.info: could not connect to host
 tcby45.xyz: could not connect to host
 tcdw.net: could not connect to host
@@ -7755,16 +7781,17 @@ theclementinebutchers.com: could not con
 theclubjersey.com: did not receive HSTS header
 thecoffeehouse.xyz: could not connect to host
 thecrochetcottage.net: could not connect to host
 thedrop.pw: did not receive HSTS header
 thedystance.com: could not connect to host
 theelitebuzz.com: did not receive HSTS header
 theendofzion.com: did not receive HSTS header
 theescapistswiki.com: could not connect to host
+theeyeopener.com: did not receive HSTS header
 thefarbeyond.com: could not connect to host
 theflowerbasketonline.com: could not connect to host
 thefootballanalyst.com: did not receive HSTS header
 thefreebirds.in: could not connect to host
 thefrozenfire.com: did not receive HSTS header
 thefutureharrills.com: could not connect to host
 thegcccoin.com: did not receive HSTS header
 thego2swatking.com: could not connect to host
@@ -7870,17 +7897,16 @@ timcamara.com: could not connect to host
 time-river.xyz: could not connect to host
 timesavingplugins.com: could not connect to host
 timesavingplugins.net: could not connect to host
 timeserver0.de: could not connect to host
 timeserver1.de: could not connect to host
 timeserver2.de: could not connect to host
 timeserver3.de: could not connect to host
 timestamp.io: did not receive HSTS header
-timetab.org: could not connect to host
 timhjalpen.se: could not connect to host
 timnash.co.uk: did not receive HSTS header
 timotrans.de: did not receive HSTS header
 timotrans.eu: did not receive HSTS header
 timowi.de: could not connect to host
 timowi.net: could not connect to host
 timschubert.net: max-age too low: 172800
 timwittenberg.com: could not connect to host
@@ -7937,17 +7963,16 @@ tokoone.com: did not receive HSTS header
 tokotamz.net: could not connect to host
 tokotimbangandigitalmurah.web.id: did not receive HSTS header
 tokoyo.biz: could not connect to host
 tollmanz.com: did not receive HSTS header
 tolud.com: did not receive HSTS header
 tom.horse: did not receive HSTS header
 tomeara.net: could not connect to host
 tomevans.io: did not receive HSTS header
-tomharris.tech: did not receive HSTS header
 tomlankhorst.nl: did not receive HSTS header
 tomli.me: could not connect to host
 tommsy.com: did not receive HSTS header
 tommyads.com: could not connect to host
 tommyweber.de: did not receive HSTS header
 tomphill.co.uk: could not connect to host
 tongmu.me: did not receive HSTS header
 tonyfantjr.com: could not connect to host
@@ -8207,16 +8232,17 @@ upldr.pw: could not connect to host
 uporoops.com: could not connect to host
 uprotect.it: could not connect to host
 upstats.eu: could not connect to host
 ur-lauber.de: did not receive HSTS header
 urandom.eu.org: did not receive HSTS header
 urban-garden.lt: could not connect to host
 urban-garden.lv: could not connect to host
 urbanfi.sh: did not receive HSTS header
+urbanstylestaging.com: did not receive HSTS header
 urbpic.com: could not connect to host
 urlchomp.com: did not receive HSTS header
 urphp.com: could not connect to host
 us-immigration.com: did not receive HSTS header
 usaab.org: did not receive HSTS header
 usafuelservice.com: did not receive HSTS header
 usbirthcertificate.com: did not receive HSTS header
 usbtypeccompliant.com: could not connect to host
@@ -8253,16 +8279,17 @@ v2.pw: did not receive HSTS header
 v2ex.us: did not receive HSTS header
 v4s.ro: did not receive HSTS header
 v4veedu.com: could not connect to host
 v7.cl: could not connect to host
 v789xl.com: did not receive HSTS header
 vaalmarketplace.co.za: did not receive HSTS header
 vacationality.com: could not connect to host
 vackerbetong.se: could not connect to host
+vacuumreviewcenter.com: did not receive HSTS header
 vaddder.com: could not connect to host
 vadodesign.nl: did not receive HSTS header
 valenscaelum.com: could not connect to host
 valethound.com: could not connect to host
 valhalla-agency.com: did not receive HSTS header
 valhallacostarica.com: could not connect to host
 valhallamovement.com: did not receive HSTS header
 valitron.se: did not receive HSTS header
@@ -8438,17 +8465,17 @@ walkeryoung.ca: could not connect to hos
 wallabag.it: did not receive HSTS header
 wallabag.org: did not receive HSTS header
 wallet.google.com: did not receive HSTS header (error ignored - included regardless)
 wallsblog.dk: could not connect to host
 walnutgaming.co.uk: could not connect to host
 walterlynnmosley.com: did not receive HSTS header
 wan.pp.ua: could not connect to host
 wanban.io: could not connect to host
-wangjun.me: did not receive HSTS header
+wangjun.me: could not connect to host
 wangkezun.com: could not connect to host
 wangqiliang.cn: did not receive HSTS header
 wangqiliang.org: did not receive HSTS header
 wangqiliang.xn--fiqs8s: could not connect to host
 wangzuan168.cc: could not connect to host
 wapjt.cn: could not connect to host
 wapt.fr: did not receive HSTS header
 warandpeace.xyz: could not connect to host
@@ -8702,17 +8729,17 @@ www.logentries.com: did not receive HSTS
 www.moneybookers.com: did not receive HSTS header
 www.neonisi.com: could not connect to host
 www.paycheckrecords.com: did not receive HSTS header
 www.rme.li: did not receive HSTS header
 www.sandbox.mydigipass.com: could not connect to host
 www.surfeasy.com: did not receive HSTS header
 www.viasinc.com: did not receive HSTS header
 www.zenpayroll.com: did not receive HSTS header
-www3.info: could not connect to host
+www3.info: did not receive HSTS header
 wxukang.cn: could not connect to host
 wybmabiity.com: could not connect to host
 wygluszanie.eu: did not receive HSTS header
 wyzphoto.nl: did not receive HSTS header
 x-power-detox.com: could not connect to host
 x-ripped-hd.com: could not connect to host
 x2w.io: could not connect to host
 x3led.com: could not connect to host
@@ -8791,17 +8818,16 @@ xn--yoamomisuasbcn-ynb.com: could not co
 xn--zck9a4b352yuua.jp: did not receive HSTS header
 xobox.me: could not connect to host
 xoffy.com: did not receive HSTS header
 xom.party: could not connect to host
 xor-a.net: could not connect to host
 xperiacodes.com: did not receive HSTS header
 xpi.fr: could not connect to host
 xpj.sx: could not connect to host
-xpjcunkuan.com: did not receive HSTS header
 xrp.pw: could not connect to host
 xsmobile.de: could not connect to host
 xtom.email: could not connect to host
 xtream-hosting.com: could not connect to host
 xtream-hosting.de: could not connect to host
 xtream-hosting.eu: could not connect to host
 xtreamhosting.eu: could not connect to host
 xtrim.ru: did not receive HSTS header
@@ -8818,29 +8844,31 @@ yagi2.com: could not connect to host
 yamamo10.com: could not connect to host
 yameveo.com: did not receive HSTS header
 yanwh.xyz: did not receive HSTS header
 yaoidreams.com: did not receive HSTS header
 yaporn.tv: did not receive HSTS header
 yard-fu.com: could not connect to host
 yardbird.us: could not connect to host
 yarnhookup.com: did not receive HSTS header
-yasinaydin.net: max-age too low: 2592000
+yasinaydin.net: could not connect to host
 yasutomonodokoiko.com: did not receive HSTS header
 yatesun.com: did not receive HSTS header
 ycc.wtf: could not connect to host
 ycm2.wtf: could not connect to host
 ydy.jp: could not connect to host
 yello.website: could not connect to host
 yenniferallulli.com: could not connect to host
 yenniferallulli.de: could not connect to host
 yenniferallulli.es: did not receive HSTS header
 yenniferallulli.moda: could not connect to host
 yenniferallulli.nl: could not connect to host
 yesdevnull.net: did not receive HSTS header
+yesonline.asia: did not receive HSTS header
+yesonline.me: did not receive HSTS header
 yestees.com: did not receive HSTS header
 yetcore.io: could not connect to host
 yhrd.org: did not receive HSTS header
 yikzu.cn: could not connect to host
 yin.roma.it: did not receive HSTS header
 yingsuo.ltd: could not connect to host
 yingyj.com: could not connect to host
 yinhe12.net: did not receive HSTS header
@@ -8895,23 +8923,21 @@ ywyz.tech: did not receive HSTS header
 yzal.io: could not connect to host
 z3liff.com: could not connect to host
 z3liff.net: could not connect to host
 zadieheimlich.com: did not receive HSTS header
 zahyantechnologies.com: could not connect to host
 zakoncontrol.com: did not receive HSTS header
 zamorano.edu: could not connect to host
 zamos.ru: max-age too low: 0
-zandcell.com: did not receive HSTS header
 zaneweb.org: could not connect to host
 zao.fi: could not connect to host
 zaoshanghao-dajia.rhcloud.com: could not connect to host
 zap.yt: did not receive HSTS header
 zarooba.com: could not connect to host
-zary.me: did not receive HSTS header
 zavca.com: did not receive HSTS header
 zbigniewgalucki.eu: did not receive HSTS header
 zcon.nl: could not connect to host
 zdravotnickasluzba.eu: could not connect to host
 zebrababy.cn: could not connect to host
 zebry.nl: could not connect to host
 zecrypto.com: could not connect to host
 zeedroom.be: did not receive HSTS header
@@ -8924,17 +8950,17 @@ zenhaiku.com: did not receive HSTS heade
 zenpayroll.com: did not receive HSTS header
 zentience.dk: did not receive HSTS header
 zentience.net: did not receive HSTS header
 zentience.org: did not receive HSTS header
 zentraler-kreditausschuss.de: did not receive HSTS header
 zentralwolke.de: did not receive HSTS header
 zenwears.com: did not receive HSTS header
 zera.com.au: could not connect to host
-zerekin.net: could not connect to host
+zerekin.net: did not receive HSTS header
 zeroday.sk: did not receive HSTS header
 zerofox.gq: could not connect to host
 zeroml.ml: could not connect to host
 zerudi.com: did not receive HSTS header
 zeto365.pl: did not receive HSTS header
 zett4.me: could not connect to host
 zeytin.pro: could not connect to host
 zh1.li: could not connect to host
--- a/security/manager/ssl/nsSTSPreloadList.inc
+++ b/security/manager/ssl/nsSTSPreloadList.inc
@@ -3,17 +3,17 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*****************************************************************************/
 /* This is an automatically generated file. If you're not                    */
 /* nsSiteSecurityService.cpp, you shouldn't be #including it.     */
 /*****************************************************************************/
 
 #include <stdint.h>
-const PRTime gPreloadListExpirationTime = INT64_C(1520015729201000);
+const PRTime gPreloadListExpirationTime = INT64_C(1520102102086000);
 %%
 0.me.uk, 1
 00001.am, 1
 00002.am, 1
 0005pay.com, 1
 0010100.net, 1
 00220022.net, 1
 007-preisvergleich.de, 1
@@ -53,17 +53,17 @@ 0paste.com, 1
 0wx.cat, 1
 0wx.es, 1
 0wx.eu, 1
 0wx.org, 1
 0x.cx, 1
 0x.sk, 1
 0x00ff00ff.com, 1
 0x17.de, 1
-0x52.net, 0
+0x52.net, 1
 0x52.org, 1
 0x539.be, 1
 0x65.net, 1
 0x7fffffff.net, 1
 0x90.in, 1
 0x90.io, 1
 0xaa55.me, 1
 0xabe.io, 1
@@ -90,17 +90,16 @@ 100rembourse.be, 1
 1011100.com, 1
 101sauna.kz, 1
 101sauna.ru, 1
 1041263497.rsc.cdn77.org, 1
 1066.io, 1
 10gbit.ovh, 1
 10hz.de, 1
 10og.de, 1
-10ppm.com, 1
 10x.ooo, 1
 1100.so, 1
 1116pay.com, 1
 112app.nl, 1
 112hz.com, 1
 11loc.de, 1
 11scc.com, 1
 11thstreetcoffee.com, 1
@@ -1343,17 +1342,16 @@ ameza.net, 1
 amf.to, 1
 amg-microwave.com, 1
 ami-de-bastanes.fr, 1
 amicalecanyon.ch, 1
 amiciidogrescue.org.uk, 1
 amicsdelbus.com, 1
 amihub.com, 1
 amilum.org, 1
-amin.one, 1
 aminafrance.com, 1
 amineptine.com, 1
 amisharingstuff.com, 1
 amnesy.fr, 1
 amorgos-aegialis.com, 1
 amorim.ca, 1
 ampersandnbspsemicolon.com, 1
 amphetamines.org, 1
@@ -1608,16 +1606,17 @@ antispeciesist.com, 1
 antocom.com, 1
 antoinebetas.be, 1
 antoined.fr, 1
 antoinemary.com, 1
 antonchen.com, 1
 antonellabb.eu, 1
 antons.io, 1
 antragsgruen.de, 1
+anttitenhunen.com, 1
 anvartay.com, 1
 anwaltsindex.com, 1
 anxietyspace.com, 1
 anxiolytics.com, 1
 any.pm, 0
 anyfood.fi, 1
 anyon.com, 1
 anypeer.net, 1
@@ -1838,17 +1837,16 @@ argovpay.com, 1
 arian.io, 1
 ariba.info, 1
 ariege-pyrenees.net, 1
 arifp.me, 1
 arigato-java.download, 1
 arijitdg.net, 1
 arikar.eu, 1
 arima.co.ke, 1
-arislight.com, 1
 aristocrates.co, 1
 aristocratps.com, 1
 aritec-la.com, 1
 arithxu.com, 1
 arivo.com.br, 1
 arizonaautomobileclub.com, 1
 arjandejong.eu, 1
 arjanvaartjes.net, 1
@@ -2729,17 +2727,16 @@ beekeeper.blog, 1
 beekeeper.clothing, 1
 beekeeper.supplies, 1
 beekeeper.supply, 1
 beekeeper.tools, 1
 beekeeping.clothing, 1
 beekeeping.tools, 1
 beeksnetwork.nl, 1
 beelen.fr, 1
-beepan.com, 0
 beercandle.com, 1
 beergazetteer.com, 1
 beerians.com, 1
 beermedlar.com, 1
 beerradar.no, 1
 beerradar.party, 1
 beersandco.ch, 1
 beersconf.com, 1
@@ -3769,16 +3766,17 @@ brettabel.com, 1
 brettcornwall.com, 1
 brettelliff.com, 1
 brettpemberton.xyz, 1
 bretz-hufer.de, 1
 bretzner.fr, 1
 brevboxar.se, 1
 brewsouth.com, 1
 brewtrackr.com, 1
+brfvh24.se, 1
 brgins.com, 1
 brianalaway.com, 1
 brianalawayconsulting.com, 1
 brianfoshee.com, 1
 briangarcia.ga, 1
 brianlanders.us, 1
 brianmwaters.net, 1
 brianpcurran.com, 1
@@ -4051,16 +4049,17 @@ bw.codes, 1
 bwcscorecard.org, 1
 bwh1.net, 1
 bwilkinson.co.uk, 1
 bws16.de, 1
 bwwb.nu, 1
 bx-n.de, 1
 bxdev.me, 1
 bxp40.at, 1
+by1896.com, 1
 by1898.com, 1
 by1899.com, 1
 by77.com, 1
 by777.com, 1
 byatte.com, 1
 bygningsregistrering.dk, 1
 byiu.info, 1
 byji.com, 1
@@ -4245,16 +4244,17 @@ candicecity.com, 1
 candidasa.com, 1
 cando.eu, 1
 candy-it.de, 1
 candylion.rocks, 1
 candyout.com, 1
 canhazip.com, 1
 canifis.net, 1
 canihavesome.coffee, 1
+canlidoviz.com, 1
 cannabis-marijuana.com, 1
 cannarobotics.com, 1
 cannyfoxx.me, 1
 canoonic.se, 1
 cantatio.ch, 1
 canterberry.cc, 1
 cantrack.com, 1
 canva-dev.com, 1
@@ -5013,16 +5013,17 @@ ciphrex.com, 1
 cipri.com, 1
 cira.email, 1
 circ-logic.com, 1
 circara.com, 1
 circlebox.rocks, 1
 circu.ml, 1
 cirfi.com, 1
 cirope.com, 1
+cirrus0.de, 1
 cirugiasplasticas.com.mx, 1
 cirurgicagervasio.com.br, 1
 cirurgicalucena.com.br, 1
 ciscodude.net, 1
 cisoaid.com, 1
 ciss.ltd, 1
 cisy.me, 1
 citationgurus.com, 1
@@ -5450,16 +5451,17 @@ cometcache.com, 1
 cometonovascotia.ca, 1
 comff.net, 1
 comfintouch.com, 1
 comflores.com.br, 1
 comfypc.com, 1
 comhack.com, 1
 comico.info, 1
 comicrelief.com, 1
+comicspornos.com, 1
 comicwiki.dk, 1
 comiq.io, 1
 comiteaintriathlon.fr, 1
 comm.cx, 1
 commania.co.kr, 1
 commechezvous.ch, 1
 commencepayments.com, 1
 commerciallocker.com, 0
@@ -5506,17 +5508,16 @@ compliancedictionary.com, 1
 compliancerisksoftware.co.uk, 1
 complt.xyz, 1
 compostatebien.com.ar, 1
 compreautomacao.com.br, 1
 compredietlight.com.br, 1
 comprefitasadere.com.br, 1
 comprehensiveihc.com, 1
 compsmag.com, 1
-compubench.com, 1
 compucastell.ch, 1
 compucorner.mx, 1
 compuplast.cz, 1
 computehealth.com, 1
 computer-acquisti.com, 1
 computeracademy.co.za, 1
 computerassistance.co.uk, 1
 computerbase.de, 1
@@ -5543,17 +5544,16 @@ condepenalba.com, 1
 condesaelectronics.com, 1
 condosforcash.com, 1
 condroz-motors.be, 1
 conectalmeria.com, 1
 confiancefoundation.org, 1
 confidential.network, 1
 config.schokokeks.org, 0
 confiwall.de, 1
-conflux.tw, 1
 conformax.com.br, 1
 conformist.jp, 1
 confucio.cl, 1
 confuddledpenguin.com, 1
 congineer.com, 1
 congobunkering.com, 1
 conkret.ch, 1
 conkret.co.uk, 1
@@ -6354,16 +6354,17 @@ darkfire.ch, 1
 darkishgreen.com, 1
 darknode.in, 1
 darkserver.fedoraproject.org, 1
 darkserver.stg.fedoraproject.org, 1
 darkshop.nl, 1
 darkside.re, 1
 darkspacelab.com, 1
 darktime.ru, 1
+darkwater.info, 1
 darkx.me, 1
 darlastudio66.com, 1
 darlo.co.uk, 0
 darom.jp, 1
 darookee.net, 1
 darrenm.net, 1
 darrienworth.com, 1
 darshnam.com, 1
@@ -6953,17 +6954,16 @@ dicionario.org, 1
 dicionariodegirias.com.br, 1
 dicionariodelatim.com.br, 1
 dicionariodenomesproprios.com.br, 1
 dicionariodesimbolos.com.br, 1
 dicionarioetimologico.com.br, 1
 dicionariopopular.com, 1
 dick.red, 1
 dickieslife.com, 1
-dicoding.com, 1
 didacte.com, 1
 didche.net, 1
 diddens.de, 1
 didierlaumen.be, 1
 die-besten-weisheiten.de, 1
 die-blahuts.de, 1
 die-borts.ch, 1
 die-gruenen-teufel.de, 1
@@ -7620,17 +7620,16 @@ dubrovskiy.net, 1
 dubrovskiy.pro, 1
 ducalendars.com, 1
 duch.cloud, 1
 duckasylum.com, 1
 duckbase.com, 1
 duckduckstart.com, 1
 duckinc.net, 1
 ducohosting.com, 1
-dudesunderwear.com.br, 1
 duelsow.eu, 1
 duernberg.at, 1
 duesee.org, 1
 dufrei.com, 1
 dugnet.com, 1
 dugnet.io, 1
 dugnet.net, 1
 dugnet.org, 1
@@ -7832,17 +7831,16 @@ ebankingmasicuro.ch, 1
 ebas.ch, 1
 ebataw.com, 1
 ebayinc.com, 1
 ebaymotorssucks.com, 1
 ebermannstadt.de, 0
 eboek.info, 1
 ebonyriddle.com, 1
 ebooki.eu.org, 1
-ebooksgratuits.org, 1
 ebop.ch, 1
 eboyer.com, 1
 ebrnd.de, 1
 ebrowz.com, 1
 ec-baran.de, 1
 ecchidreams.com, 1
 ecco-verde.com, 0
 eccoviasolutions.com, 1
@@ -8418,17 +8416,17 @@ epicvistas.de, 1
 epicwalnutcreek.com, 1
 epilis.gr, 1
 epiphyte.network, 1
 epistas.com, 1
 epistas.de, 1
 epizentrum.work, 1
 epizentrum.works, 1
 epmcentroitalia.it, 1
-epoch.com, 0
+epoch.com, 1
 epolitiker.com, 1
 epos-distributor.co.uk, 1
 eposbirmingham.co.uk, 1
 eposbrighton.co.uk, 1
 eposcardiff.co.uk, 1
 eposcloud.net, 1
 eposkent.co.uk, 1
 eposleeds.co.uk, 1
@@ -8575,16 +8573,17 @@ eskdale.net, 1
 eskriett.com, 1
 esoa.net, 1
 esoko.eu, 1
 esolcourses.com, 1
 esono.de, 1
 esoterik.link, 1
 esoterikerforum.de, 1
 esp-berlin.de, 1
+esp.community, 1
 espace-caen.fr, 1
 espace-gestion.fr, 1
 espacetemps.ch, 1
 espacetheosophie.fr, 1
 espacio-cultural.com, 1
 espanol.search.yahoo.com, 0
 espanova.com, 1
 espci.fr, 1
@@ -9074,17 +9073,16 @@ faq.lookout.com, 0
 fara.gov, 1
 faraslot8.com, 1
 faraslot8.net, 1
 farcecrew.de, 1
 faretravel.co.uk, 1
 farfallapets.com.br, 1
 farfetchos.com, 1
 fargtorget.se, 1
-farhadexchange.com, 1
 farhood.org, 1
 farid.is, 1
 farkas.bz, 1
 farm24.co.uk, 1
 farmacia.pt, 1
 farmaciaformula.com.br, 1
 farmacialaboratorio.it, 1
 farmer.dating, 1
@@ -9192,16 +9190,17 @@ feel.aero, 1
 feelgood-workouts.de, 1
 feeltennis.net, 1
 feen.us, 1
 fefelovalex.ru, 1
 fehngarten.de, 1
 fehnladen.de, 1
 feigling.net, 1
 feilen.de, 1
+feirlane.org, 0
 feisbed.com, 1
 feisim.com, 1
 feisim.org, 1
 feist.io, 1
 feistyduck.com, 1
 feitobrasilcosmeticos.com.br, 1
 fejes.house, 1
 feld.design, 1
@@ -9837,17 +9836,16 @@ frauenarzt-zinke.de, 1
 fraurichter.net, 1
 fraye.net, 1
 frbracch.it, 1
 frdl.ch, 1
 freaksites.dk, 1
 frebi.org, 1
 frebib.net, 1
 freddythechick.uk, 1
-frederik-braun.com, 1
 frederikschoell.de, 0
 fredliang.cn, 1
 fredloya.com, 1
 fredriksslekt.se, 1
 fredtec.ru, 1
 fredvoyage.fr, 1
 free-your-pc.com, 1
 free.com.tw, 1
@@ -10327,16 +10325,17 @@ gdevpenze.ru, 1
 gdgrzeszow.pl, 1
 gdhzcgs.com, 1
 gdiary.net, 1
 gdoce.es, 1
 gdutnic.com, 1
 gdv.me, 1
 gdz-otvety.com, 1
 gdz-spishy.com, 1
+gdz.tv, 1
 ge1.me, 0
 ge3k.net, 0
 gear-acquisition-syndrome.community, 1
 gearev.net, 1
 gearset.com, 1
 geaskb.nl, 1
 geass.xyz, 1
 geblitzt.de, 1
@@ -10345,18 +10344,16 @@ geborgen-wachsen.de, 1
 gebruikershandleiding.com, 1
 gecem.org, 1
 gechr.io, 1
 gedankenworks.com, 1
 geder.at, 1
 gee.is, 1
 geek-hub.de, 1
 geek.ch, 1
-geek.com.tw, 0
-geek.tw, 0
 geekabit.nl, 1
 geekandi.com, 1
 geekariom.com, 1
 geekbaba.com, 1
 geekbundle.org, 0
 geekchimp.com, 1
 geekclubbooks.com, 1
 geeklair.net, 1
@@ -10553,24 +10550,24 @@ geyduschek.be, 1
 gfast.ru, 1
 gfhgiro.nl, 0
 gfk-kunststoff-luebben.de, 1
 gflame.de, 1
 gflclan.ru, 1
 gforce.ninja, 1
 gfoss.eu, 1
 gfoss.gr, 1
-gfxbench.com, 1
 ggdcpt.com, 1
 gginin.today, 1
 ggl-luzern.ch, 1
 gglks.com, 1
 ggmmontascale.it, 1
 ggp2.com, 1
 ggrks-asano.com, 1
+ggs-marschallstrasse.de, 1
 ggs.jp, 1
 ggservers.com, 1
 ggss.cf, 1
 ggx.us, 1
 gha.st, 1
 ghaglund.se, 1
 ghcif.de, 1
 ghi.gov, 1
@@ -10885,17 +10882,17 @@ gpfclan.de, 1
 gplintegratedit.com, 1
 gprs.uk.com, 1
 gps.com.br, 1
 gpsarena.ro, 1
 gpsvideocanada.com, 1
 gpws.ovh, 1
 gr.search.yahoo.com, 0
 gra2.com, 1
-graasp.net, 1
+graasp.net, 0
 grabi.ga, 1
 grace-wan.com, 1
 gracebaking.com, 1
 gracedays.org, 1
 graceful-project.eu, 1
 gracethrufaith.com, 1
 gracetini.com, 1
 graciousmay.com, 1
@@ -11101,17 +11098,16 @@ gta-arabs.com, 1
 gta5voice.net, 1
 gtaforum.nl, 1
 gtalife.net, 1
 gtchipsi.org, 1
 gtcprojects.com, 1
 gtdgo.com, 1
 gtmasterclub.it, 0
 gtmetrix.com, 1
-gtopala.com, 1
 gtour.info, 1
 gtravers-basketmaker.co.uk, 1
 gtts.space, 1
 guarajubaimoveis.com.br, 1
 guardian360.nl, 1
 guardianproject.info, 1
 guardiansoftheearth.org, 1
 gudini.net, 1
@@ -11789,16 +11785,17 @@ hilchenba.ch, 1
 hill.selfip.net, 1
 hillsboroccpa.org, 1
 hilnu.com, 1
 hilti.ee, 0
 hilti.kz, 0
 hilti.lv, 0
 hiltonarubabeachservices.com, 1
 hiltonhyland.com, 1
+himens.com, 0
 hindmanfuneralhomes.com, 1
 hingle.me, 1
 hinkel-sohn.de, 1
 hinrich.de, 1
 hintergrundbewegung.de, 1
 hinterhofbu.de, 1
 hintermeier-rae.at, 1
 hinterposemuckel.de, 1
@@ -12257,16 +12254,17 @@ hybridworx.org, 1
 hycken.com, 1
 hyckenberg.com, 1
 hyderabadonlinegifts.com, 1
 hydra.zone, 1
 hydrante.ch, 1
 hydrasolutions.de, 1
 hydroagro.pl, 1
 hydrocloud.net, 1
+hydronyx.me, 1
 hydroturbine.info, 1
 hydrozone.fr, 1
 hygo.com, 1
 hyk.me, 1
 hylians.com, 1
 hymerscollege.co.uk, 1
 hynek.me, 1
 hype.ru, 1
@@ -12495,16 +12493,17 @@ ihc.im, 1
 ihkk.net, 1
 ihollaback.org, 1
 ihopeit.works, 1
 ihostup.net, 1
 ihotel.io, 1
 ihrhost.com, 1
 iideaz.org, 1
 iilin.com, 1
+iiong.com, 0
 iirii.com, 1
 ijohan.nl, 1
 ijsclubtilburg.nl, 1
 ikachalife.com, 1
 ikarate.ru, 1
 ikeacareers.co.uk, 1
 ikenmeyer.eu, 1
 ikeyless.com, 1
@@ -12846,17 +12845,16 @@ insside.net, 1
 inst.mobi, 1
 instafind.nl, 1
 instagram-atom.appspot.com, 1
 instagrammernews.com, 1
 instagramtweet.com, 1
 installgentoo.net, 1
 instant-hack.io, 1
 instant.io, 1
-instantkhabar.com, 1
 instantsubs.de, 1
 instasex.ch, 1
 instava.cz, 1
 instawi.com, 1
 instela.com, 1
 instelikes.com.br, 1
 instics.com, 1
 instinctive.io, 1
@@ -12974,17 +12972,16 @@ investingtrader.net, 1
 investir.ch, 1
 investor.gov, 1
 investorforms.com, 1
 investorloanshub.com, 1
 investpay.ru, 1
 invinsec.cloud, 1
 invinsec.com, 1
 invioinc.com, 1
-inviosolutions.com, 1
 invis.net, 1
 invisible-college.com, 1
 invisibles.ch, 1
 invisionita.com, 1
 invisiverse.com, 1
 invitescene.com, 1
 invoiced.com, 1
 invoicefinance.com, 1
@@ -13359,16 +13356,17 @@ jacobian.org, 1
 jacobphono.com, 1
 jacobsenarquitetura.com, 1
 jacuzziprozone.com, 1
 jadopado.com, 1
 jaegerlacke.de, 1
 jagerman.com, 1
 jaguarlandrover-asse.be, 1
 jaguarlandrover-occasions.be, 1
+jaguarwong.xyz, 1
 jahanaisamu.com, 1
 jahner.xyz, 1
 jahofmann.de, 1
 jailbreakingisnotacrime.org, 1
 jaimechanaga.com, 1
 jaion.ml, 1
 jaispirit.com, 1
 jaitnetworking.com, 0
@@ -14002,17 +14000,16 @@ justinellingwood.com, 1
 justinharrison.ca, 1
 justinho.com, 1
 justmy.website, 1
 justnu.se, 1
 justpaste.it, 1
 justupdate.me, 1
 justyy.com, 1
 justzz.xyz, 1
-jutella.de, 1
 jutlander-netbank.dk, 1
 jutlander.dk, 1
 juventusmania1897.com, 1
 juzgalo.com, 1
 jva-wuerzburg.de, 1
 jvanerp.nl, 1
 jvn.com, 1
 jvwdev.nl, 1
@@ -14709,17 +14706,16 @@ kondi.net, 1
 kondou-butsudan.com, 1
 kongar.org, 1
 konicaprinterdriver.com, 1
 koniecfica.sk, 1
 konijntjes.nl, 1
 konings.it, 1
 koningskwartiertje.nl, 1
 konklone.com, 1
-konkurs.ba, 1
 konoe.studio, 1
 konosuke.jp, 1
 konsertoversikt.no, 1
 kontakthuman.hu, 1
 kontaxis.org, 1
 kontorhaus-schlachte.de, 1
 konventseliten.se, 1
 konyalian.com, 1
@@ -15103,16 +15099,17 @@ lanseyujie.com, 1
 lansinoh.co.uk, 1
 lantian.pub, 1
 lanturtle.com, 1
 lanuovariviera.it, 1
 lanyang.tk, 1
 lanzamientovirtual.es, 1
 lanzarote-online.info, 1
 laos.dating, 1
+laospage.com, 1
 laozhu.me, 1
 lapassiondutrading.com, 1
 lapetition.be, 1
 lapidge.net, 1
 lapolla.com, 1
 laposte.net, 1
 lapotagere.ch, 1
 lapparente-aise.ch, 1
@@ -15298,17 +15295,17 @@ ledhouse.sk, 1
 ledzom.ru, 1
 lee-fuller.co.uk, 1
 leebiblestudycenter.co.uk, 1
 leebiblestudycenter.com, 1
 leebiblestudycentre.co.uk, 1
 leebiblestudycentre.com, 1
 leebiblestudycentre.net, 1
 leebiblestudycentre.org, 1
-leech360.com, 1
+leech360.com, 0
 leeclemens.net, 1
 leedev.org, 1
 leefindlow.com, 1
 leelou.wedding, 1
 leerkotte.eu, 1
 leerliga.de, 1
 leertipp.de, 1
 leesilvey.com, 1
@@ -15501,17 +15498,16 @@ lgsg.us, 1
 lhalbert.xyz, 1
 lhasaapso.com.br, 1
 lhconsult.tk, 1
 lheinrich.com, 1
 lheinrich.de, 1
 lheinrich.org, 1
 li-ke.co.jp, 1
 li.search.yahoo.com, 0
-liangji.com.tw, 0
 lianwen.kim, 1
 lianye1.cc, 1
 lianye2.cc, 1
 lianye3.cc, 1
 lianye4.cc, 1
 lianye5.cc, 1
 lianye6.cc, 1
 liaozheqi.cn, 1
@@ -16735,16 +16731,17 @@ matthiasschwab.de, 1
 matthiasweiler.de, 1
 matthijssen.info, 1
 mattia98.org, 1
 mattisam.com, 1
 mattli.us, 1
 mattmccutchen.net, 1
 mattonline.me, 1
 mattwb65.com, 1
+mattwservices.co.uk, 1
 matviet.vn, 1
 matze.co, 1
 matze.org, 1
 mauldincookfence.com, 1
 mauriciog.com.ar, 0
 mauricioghiorzi.com.ar, 0
 maury-moteurs.com, 1
 mavenclinic.com, 1
@@ -16795,17 +16792,16 @@ mayoristassexshop.com, 1
 maypolevilla.co.uk, 1
 mayrhofer.eu.org, 1
 mazda-mps.de, 1
 mazda-thermote.com, 1
 mazda626.net, 1
 maze.fr, 1
 mazternet.ru, 1
 mazurlabs.tk, 1
-mazzotta.me, 1
 mb-is.info, 1
 mbaestlein.de, 1
 mbardot.com, 1
 mbasic.facebook.com, 0
 mbcars.be, 1
 mbdrogenbos-usedcars.be, 1
 mbeo.ch, 1
 mbilker.us, 1
@@ -17828,17 +17824,17 @@ mpg.ovh, 1
 mpi-sa.fr, 1
 mpintaamalabanna.it, 1
 mplanetphl.fr, 1
 mplant.io, 1
 mplicka.cz, 1
 mplusm.eu, 1
 mpn.poker, 1
 mpnpokertour.com, 1
-mpreserver.com, 0
+mpreserver.com, 1
 mpserver12.org, 1
 mpsgarage.com.au, 1
 mpsoundcraft.com, 1
 mpy.ovh, 1
 mr-anderson.org, 1
 mr-labo.jp, 1
 mr-nachhilfe.de, 1
 mr-wolf.nl, 1
@@ -18571,17 +18567,16 @@ nellacms.org, 1
 nellafw.org, 1
 nellen.it, 1
 nemcd.com, 1
 nemecl.eu, 1
 nemez.net, 1
 nemo.run, 1
 nemumu.com, 1
 nemunai.re, 1
-neo19.com, 0
 neo2shyalien.eu, 0
 neobits.nl, 1
 neocities.org, 1
 neoclick.io, 1
 neojo.org, 1
 neokobe.city, 1
 neolaudia.es, 1
 neons.org, 1
@@ -19409,17 +19404,16 @@ okad.de, 1
 okad.eu, 1
 okakuro.org, 1
 okanaganrailtrail.ca, 1
 okay.cf, 1
 okay.coffee, 1
 okaz.de, 1
 okburrito.com, 1
 okchicas.com, 1
-oke.com.tw, 0
 okeeferanch.ca, 1
 okhrana.agency, 1
 okin-jp.net, 1
 oklahomamoversassociation.org, 1
 oklahomanotepro.com, 1
 okmx.de, 0
 okonetwork.org.uk, 1
 oktime.cz, 1
@@ -19480,16 +19474,17 @@ omniatv.com, 1
 omnibot.tv, 1
 omnienviro.com, 0
 omnienviro.com.au, 0
 omnisiens.se, 1
 omniverse.ru, 1
 omorashi.org, 1
 omranic.com, 1
 omronwellness.com, 1
+omsdieppe.fr, 1
 on-te.ch, 1
 on-tech.co.uk, 1
 onaboat.se, 1
 onarto.com, 1
 oncf.asso.fr, 1
 oncodedesign.com, 1
 ondrej.org, 1
 one---line.com, 1
@@ -19751,16 +19746,17 @@ oscarvk.ch, 1
 oscsdp.cz, 0
 osereso.tn, 1
 oses.mobi, 1
 osha-kimi.com, 1
 oshanko.de, 1
 oshayr.com, 1
 oshell.me, 1
 oshinagaki.jp, 1
+oshrc.gov, 1
 oskrba.net, 1
 oskuro.net, 1
 oslinux.net, 1
 osm.is, 1
 osmanlitorunu.com, 1
 osmosis.org, 1
 ospree.me, 1
 osquery.io, 1
@@ -19845,16 +19841,17 @@ own3d.ch, 1
 ownc.at, 1
 owngeek.com, 1
 ownit.se, 0
 ownmay.com, 1
 ownspec.com, 1
 oxanababy.com, 1
 oxborrow.ca, 1
 oxelie.com, 1
+oxro.co, 1
 oxygaming.com, 1
 oxymc.com, 1
 oxynux.xyz, 1
 oxytocin.org, 1
 oyoony.de, 1
 oyosoft.fr, 1
 ozark.be, 1
 oznamovacipovinnost.cz, 1
@@ -19918,17 +19915,17 @@ paichai.space, 1
 paindata.dk, 1
 painefamily.co.uk, 1
 painlessproperty.co.uk, 1
 painosso.org, 1
 paint-it.pink, 1
 paio2-rec.com, 1
 paio2.com, 1
 paipuman.jp, 1
-paizinhovirgula.com, 1
+paizinhovirgula.com, 0
 pajadam.me, 1
 pajowu.de, 1
 pajuvuo.fi, 1
 paketkreditsuzuki.com, 1
 paketwatch.de, 1
 pakho.xyz, 1
 pakistani.dating, 1
 pakitow.fr, 1
@@ -20210,17 +20207,16 @@ paypro.nl, 0
 payroll.xero.com, 0
 paysera.com, 1
 payslipview.com, 1
 payssaintgilles.fr, 1
 paystack.com, 1
 paytm.in, 1
 payupay.ru, 1
 payzang.com, 1
-pback.se, 1
 pbcknd.ml, 1
 pbosquet.com, 1
 pbraunschdash.com, 1
 pbreen.co.uk, 1
 pbrumby.com, 1
 pbscreens.com, 1
 pbytes.com, 1
 pbz.im, 1
@@ -20782,17 +20778,16 @@ playwhyyza.com, 1
 pldx.org, 1
 please-deny.me, 1
 pleasure-science.com, 1
 pleine-conscience.ch, 1
 plen.io, 1
 plenigo.com, 1
 plexhome13.ddns.net, 1
 plexi.dyndns.tv, 1
-plextv.de, 1
 plexusmd.com, 1
 plinc.co, 1
 pliosoft.com, 1
 plitu.de, 1
 ploader.ru, 1
 plongee-phuket.fr, 1
 ploofer.com, 1
 plot.ly, 1
@@ -21032,17 +21027,16 @@ potpourrifestival.de, 1
 potrillionaires.com, 1
 potterscraftcider.com, 1
 pottshome.co.uk, 1
 potworowski.de, 1
 pouet.it, 1
 pouets.ovh, 1
 poupatempo.org, 1
 pourlesenfants.info, 1
-pourmesloisirs.com, 1
 pourout.org, 1
 povareschka.ru, 1
 powdersnow.top, 1
 power-coonies.de, 1
 power-fit.org, 1
 power-flowengineer.com, 1
 power-tools24.com, 1
 powerb.ch, 1
@@ -22755,16 +22749,17 @@ rue-de-la-vieille.fr, 1
 ruedirrenggli.ch, 1
 ruerte.net, 1
 rufabula-com.appspot.com, 1
 ruffbeatz.com, 1
 rugby.video, 1
 rugk.dedyn.io, 1
 rugstorene.co.uk, 1
 ruh-veit.de, 1
+ruhr3.de, 1
 ruhrmobil-e.de, 1
 ruhrnalist.de, 1
 ruht.ro, 1
 ruigomes.me, 1
 ruja.dk, 1
 ruk.ca, 1
 rukhaiyar.com, 1
 rullzer.com, 1
@@ -23692,17 +23687,16 @@ serverpedia.de, 1
 serverstuff.info, 1
 serversuit.com, 1
 servertastic.com, 1
 servethecity-karlsruhe.de, 1
 servfefe.com, 1
 servgate.jp, 1
 service.gov.uk, 1
 serviceboss.de, 1
-servicevie.com, 1
 serviettenhaus.de, 1
 servingbaby.com, 1
 servpanel.de, 1
 serw.org, 1
 seryovpn.com, 1
 seryox.com, 1
 sesha.co.za, 1
 sesslerimmo.ch, 1
@@ -24251,17 +24245,16 @@ skarox.net, 1
 skarox.ru, 1
 skatclub-beratzhausen.de, 1
 skates.guru, 1
 skatingchina.com, 1
 skatn.de, 1
 skazka.ru, 1
 skday.com, 1
 skeeley.com, 1
-skei.org, 1
 skepticalsports.com, 1
 sketchmyroom.com, 1
 sketchywebsite.net, 1
 skhoop.cz, 1
 skia.org, 0
 skifairview.com, 1
 skigebiete-test.de, 1
 skiinstructor.services, 1
@@ -24997,16 +24990,17 @@ staatsschutz.at, 1
 staatsschutzgesetz.at, 1
 stablelib.com, 1
 staceyhankeinc.com, 1
 stackptr.com, 1
 stacktile.io, 0
 stadionmanager.com, 1
 stadm.com, 1
 stadt-apotheke-muensingen.de, 1
+stadterneuerung-hwb.de, 1
 stadtgartenla.com, 1
 stadtpapa.de, 1
 stadtplan-ilmenau.de, 1
 stage-props-blank-guns.com, 0
 stage.wepay.com, 0
 stage4.ch, 1
 stageirites.com, 1
 stageirites.fr, 1
@@ -25364,17 +25358,16 @@ stuka-art.de, 1
 stulda.cz, 1
 stumeta.de, 1
 stumeta2018.de, 1
 stumf.si, 1
 stuntmen.xyz, 1
 stupendous.net, 1
 stupidstatetricks.com, 1
 sturbi.de, 1
-sturdio.com.br, 1
 sturge.co.uk, 1
 stutelage.com, 1
 stuttgart-gablenberg.de, 1
 stuudium.com, 1
 stuur.nl, 0
 stuvel.eu, 1
 stw-group.at, 1
 stygium.net, 0
@@ -25836,17 +25829,16 @@ tateesq.com, 1
 tatiloley.com, 1
 tatort-fanpage.de, 1
 tatsidou.gr, 1
 tattoo.dating, 1
 tattvaayoga.com, 1
 tavolaquadrada.com.br, 1
 tavsys.net, 1
 taxaroo.com, 1
-taxi-24std.de, 1
 taxi-chamonix.fr, 1
 taxi-collectif.ch, 1
 taxicollectif.ch, 1
 taxis-collectifs.ch, 1
 taxisafmatosinhos.pt, 1
 taxiscollectifs.ch, 1
 taxlab.co.nz, 1
 taxmadras.com, 1
@@ -26278,17 +26270,16 @@ thedrinks.co, 1
 thedronechart.com, 1
 thedrunkencabbage.com, 1
 thedutchmarketers.com, 1
 theebookkeepers.co.za, 1
 theeducationchannel.info, 1
 theeducationdirectory.org, 1
 theevergreen.me, 1
 theexpatriate.de, 1
-theeyeopener.com, 1
 thefbstalker.com, 1
 theferrarista.com, 1
 theflyingbear.net, 1
 thefnafarchive.org, 1
 thefox.co, 1
 thefox.com.fr, 1
 thefrk.pw, 1
 thegamerscamp.com, 1
@@ -26612,16 +26603,17 @@ timdoug.com, 1
 time2060.ru, 1
 time22.com, 1
 timeatlas.com, 1
 timeauction.hk, 1
 timebox.tk, 1
 timeglass.de, 1
 timer.fit, 1
 timersuite.com, 1
+timetab.org, 1
 timetotrade.com, 1
 timewasters.nl, 1
 timfiedler.net, 1
 timing.com.br, 1
 timmersgems.com, 1
 timmy.im, 1
 timmy.ws, 1
 timmyrs.de, 1
@@ -26820,16 +26812,17 @@ tombaker.me, 1
 tomberek.info, 1
 tombrossman.com, 1
 tomcort.com, 1
 tomdudfield.com, 1
 tomend.es, 1
 tomfisher.eu, 1
 tomharling.co.uk, 1
 tomharling.uk, 1
+tomharris.tech, 1
 tomi.cc, 1
 tomica.me, 1
 tomiler.com, 1
 tomjonsson.se, 1
 tomkunze.de, 1
 tomli.blog, 1
 tomm.yt, 1
 tommic.eu, 1
@@ -27744,17 +27737,16 @@ urbalex.ch, 1
 urban-culture.fr, 1
 urban.melbourne, 1
 urbanesecurity.com, 1
 urbanguerillas.de, 1
 urbanietz-immobilien.de, 1
 urbanmelbourne.info, 1
 urbannewsservice.com, 1
 urbansparrow.in, 1
-urbanstylestaging.com, 1
 urbanwildlifealliance.org, 1
 urbexdk.nl, 1
 urcentral.com, 1
 urcentral.org, 1
 ureka.org, 1
 urgences-valais.ch, 1
 uripura.de, 1
 urist1011.ru, 1
@@ -27846,17 +27838,16 @@ v2bv.win, 1
 v2ex.com, 1
 va-reitartikel.com, 1
 vaaddress.co, 1
 vacationfund.co, 1
 vacationscostarica.com, 1
 vaccines.gov, 1
 vaclavambroz.cz, 1
 vacuumpump.co.id, 1
-vacuumreviewcenter.com, 1
 vadennissanofhiltonheadparts.com, 1
 vadennissanofhinesvilleparts.com, 1
 vadik.me, 1
 vaeplatform.com, 1
 vaew.com, 1
 vagabond.fr, 1
 vagabondgal.com, 1
 vagmour.eu, 1
@@ -29709,16 +29700,17 @@ xombitmusic.com, 1
 xombra.com, 1
 xonn.de, 1
 xotika.tv, 1
 xp2.de, 1
 xpd.se, 1
 xpenology-fr.net, 1
 xperidia.com, 1
 xpj.bet, 1
+xpjcunkuan.com, 1
 xpletus.nl, 1
 xplore-dna.net, 1
 xpressprint.com.br, 1
 xps2pdf.co.uk, 1
 xpwn.cz, 1
 xqin.net, 1
 xr.cx, 1
 xrippedhd.com, 1
@@ -29855,18 +29847,16 @@ yelp.pt, 1
 yelp.se, 1
 yemalu.com, 1
 yemekbaz.az, 1
 yep-pro.ch, 1
 yepbitcoin.com, 1
 yephy.com, 1
 yesfone.com.br, 1
 yesiammaisey.me, 1
-yesonline.asia, 0
-yesonline.me, 0
 yeswehack.com, 1
 yetii.net, 1
 yetzt.me, 0
 yeu.io, 1
 yfengs.moe, 1
 yffengshi.ml, 1
 yggdar.ga, 1
 yhaupenthal.org, 1
@@ -30108,23 +30098,25 @@ zakcutner.uk, 1
 zakladam.cz, 1
 zakmccrac.de, 1
 zakr.es, 1
 zalamea.ph, 1
 zalan.do, 1
 zamis.net, 1
 zamocosmeticos.com.br, 1
 zamow.co, 1
+zandcell.com, 1
 zanthra.com, 1
 zaoext.com, 1
 zapier.com, 1
 zappbuildapps.com, 1
 zaratan.fr, 1
 zarmarket.org, 1
 zarpo.com.br, 1
+zary.me, 1
 zaufanatrzeciastrona.pl, 1
 zavec.com.ec, 1
 zavetaji.lv, 1
 zawo-electric.de, 1
 zbasenem.pl, 1
 zbchen.com, 1
 zberger.com, 1
 zbetcheck.in, 1
--- a/security/manager/ssl/tests/unit/head_psm.js
+++ b/security/manager/ssl/tests/unit/head_psm.js
@@ -116,16 +116,26 @@ const NO_FLAGS = 0;
 // with no newlines or BEGIN/END headers. This is a helper function to convert
 // PEM to the format that nsIX509CertDB requires.
 function pemToBase64(pem) {
   return pem.replace(/-----BEGIN CERTIFICATE-----/, "")
             .replace(/-----END CERTIFICATE-----/, "")
             .replace(/[\r\n]/g, "");
 }
 
+function build_cert_chain(certNames) {
+  let certList = Cc["@mozilla.org/security/x509certlist;1"]
+                   .createInstance(Ci.nsIX509CertList);
+  certNames.forEach(function(certName) {
+    let cert = constructCertFromFile("bad_certs/" + certName + ".pem");
+    certList.addCert(cert);
+  });
+  return certList;
+}
+
 function readFile(file) {
   let fstream = Cc["@mozilla.org/network/file-input-stream;1"]
                   .createInstance(Ci.nsIFileInputStream);
   fstream.init(file, -1, 0, 0);
   let data = NetUtil.readInputStreamToString(fstream, fstream.available());
   fstream.close();
   return data;
 }
@@ -697,39 +707,48 @@ function add_cert_override(aHost, aExpec
               "Actual error message should match expected error regexp");
   }
   let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
                                .SSLStatus;
   let bits =
     (sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
     (sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) |
     (sslstatus.isNotValidAtThisTime ? Ci.nsICertOverrideService.ERROR_TIME : 0);
+
   Assert.equal(bits, aExpectedBits,
                "Actual and expected override bits should match");
   let cert = sslstatus.serverCert;
   let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
                               .getService(Ci.nsICertOverrideService);
   certOverrideService.rememberValidityOverride(aHost, 8443, cert, aExpectedBits,
                                                true);
 }
 
 // Given a host, expected error bits (see nsICertOverrideService.idl), an
 // expected error code, and optionally a regular expression that the resulting
 // error message must match, tests that an initial connection to the host fails
 // with the expected errors and that adding an override results in a subsequent
 // connection succeeding.
 function add_cert_override_test(aHost, aExpectedBits, aExpectedError,
-                                aExpectedErrorRegexp = undefined) {
+                                aExpectedErrorRegexp = undefined,
+                                aExpectedSSLStatus = undefined) {
   add_connection_test(aHost, aExpectedError, null,
                       add_cert_override.bind(this, aHost, aExpectedBits,
                                              aExpectedErrorRegexp));
   add_connection_test(aHost, PRErrorCodeSuccess, null, aSecurityInfo => {
     Assert.ok(aSecurityInfo.securityState &
               Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN,
               "Cert override flag should be set on the security state");
+    if (aExpectedSSLStatus) {
+      let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+                                  .SSLStatus;
+      if (aExpectedSSLStatus.failedCertChain) {
+        ok(aExpectedSSLStatus.failedCertChain.equals(sslstatus.failedCertChain));
+      }
+    }
   });
 }
 
 // Helper function for add_prevented_cert_override_test. This is much like
 // add_cert_override except it may not be the case that the connection has an
 // SSLStatus set on it. In this case, the error was not overridable anyway, so
 // we consider it a success.
 function attempt_adding_cert_override(aHost, aExpectedBits, aSecurityInfo) {
--- a/security/manager/ssl/tests/unit/test_cert_chains.js
+++ b/security/manager/ssl/tests/unit/test_cert_chains.js
@@ -1,25 +1,15 @@
 // -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 "use strict";
 
-function build_cert_chain(certNames) {
-  let certList = Cc["@mozilla.org/security/x509certlist;1"]
-                   .createInstance(Ci.nsIX509CertList);
-  certNames.forEach(function(certName) {
-    let cert = constructCertFromFile("bad_certs/" + certName + ".pem");
-    certList.addCert(cert);
-  });
-  return certList;
-}
-
 function test_cert_equals() {
   let certA = constructCertFromFile("bad_certs/default-ee.pem");
   let certB = constructCertFromFile("bad_certs/default-ee.pem");
   let certC = constructCertFromFile("bad_certs/expired-ee.pem");
 
   ok(certA != certB,
      "Cert objects constructed from the same file should not be equal" +
      " according to the equality operators");
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ssl_status.js
@@ -0,0 +1,55 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+do_get_profile();
+
+function run_test() {
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+  add_tls_server_setup("BadCertServer", "bad_certs");
+
+  let fakeOCSPResponder = new HttpServer();
+  fakeOCSPResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+  });
+  fakeOCSPResponder.start(8888);
+
+  // Test successful connection (failedCertChain should be null,
+  // succeededCertChain should be set as expected)
+  add_connection_test(
+    "good.include-subdomains.pinning.example.com", PRErrorCodeSuccess, null,
+    function withSecurityInfo(aSSLStatus) {
+      let sslstatus = aSSLStatus.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
+      equal(sslstatus.failedCertChain, null,
+            "failedCertChain for a successful connection should be null");
+      ok(sslstatus.succeededCertChain.equals(build_cert_chain(["default-ee", "test-ca"])),
+            "succeededCertChain for a successful connection should be as expected");
+    }
+  );
+
+  // Test failed connection (failedCertChain should be set as expected,
+  // succeededCertChain should be null)
+  add_connection_test(
+    "expired.example.com", SEC_ERROR_EXPIRED_CERTIFICATE, null,
+    function withSecurityInfo(aSSLStatus) {
+      let sslstatus = aSSLStatus.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
+      equal(sslstatus.succeededCertChain, null,
+            "succeededCertChain for a failed connection should be null");
+      ok(sslstatus.failedCertChain.equals(build_cert_chain(["expired-ee", "test-ca"])),
+            "failedCertChain for a failed connection should be as expected");
+    }
+  );
+
+  // Ensure the correct failed cert chain is set on cert override
+  let overrideStatus = {
+    failedCertChain: build_cert_chain(["expired-ee", "test-ca"])
+  };
+  add_cert_override_test("expired.example.com",
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SEC_ERROR_EXPIRED_CERTIFICATE, undefined,
+                         overrideStatus);
+
+  run_next_test();
+}
--- a/security/manager/ssl/tests/unit/xpcshell.ini
+++ b/security/manager/ssl/tests/unit/xpcshell.ini
@@ -146,16 +146,17 @@ requesttimeoutfactor = 2
 [test_sdr_preexisting_with_password.js]
 # Not relevant to Android. See the comment in the test.
 skip-if = toolkit == 'android'
 [test_session_resumption.js]
 run-sequentially = hardcoded ports
 [test_signed_apps.js]
 [test_signed_dir.js]
 tags = addons psm
+[test_ssl_status.js]
 [test_sss_enumerate.js]
 [test_sss_eviction.js]
 [test_sss_originAttributes.js]
 [test_sss_readstate.js]
 [test_sss_readstate_child.js]
 support-files = sss_readstate_child_worker.js
 # bug 1124289 - run_test_in_child violates the sandbox on android
 skip-if = toolkit == 'android'
--- a/servo/components/style/dom.rs
+++ b/servo/components/style/dom.rs
@@ -383,16 +383,25 @@ pub trait TElement
         while let Some(parent) = curr.traversal_parent() {
             depth += 1;
             curr = parent;
         }
 
         depth
     }
 
+    /// The style scope of this element is a node that represents which rules
+    /// apply to the element.
+    ///
+    /// In Servo, where we don't know about Shadow DOM or XBL, the style scope
+    /// is always the document.
+    fn style_scope(&self) -> Self::ConcreteNode {
+        self.as_node().owner_doc().as_node()
+    }
+
     /// Get this node's parent element from the perspective of a restyle
     /// traversal.
     fn traversal_parent(&self) -> Option<Self> {
         self.as_node().traversal_parent()
     }
 
     /// Get this node's children from the perspective of a restyle traversal.
     fn traversal_children(&self) -> LayoutIterator<Self::TraversalChildrenIterator>;
@@ -733,24 +742,26 @@ pub trait TElement
     /// Returns the anonymous content for the current element's XBL binding,
     /// given if any.
     ///
     /// This is used in Gecko for XBL and shadow DOM.
     fn xbl_binding_anonymous_content(&self) -> Option<Self::ConcreteNode> {
         None
     }
 
-    /// Returns the rule hash target given an element.
+    /// Return the element which we can use to look up rules in the selector
+    /// maps.
+    ///
+    /// This is always the element itself, except in the case where we are an
+    /// element-backed pseudo-element, in which case we return the originating
+    /// element.
     fn rule_hash_target(&self) -> Self {
         let is_implemented_pseudo =
             self.implemented_pseudo_element().is_some();
 
-        // NB: This causes use to rule has pseudo selectors based on the
-        // properties of the originating element (which is fine, given the
-        // find_first_from_right usage).
         if is_implemented_pseudo {
             self.closest_non_native_anonymous_ancestor().unwrap()
         } else {
             *self
         }
     }
 
     /// Implements Gecko's `nsBindingManager::WalkRules`.
--- a/servo/components/style/gecko/wrapper.rs
+++ b/servo/components/style/gecko/wrapper.rs
@@ -514,18 +514,23 @@ impl<'le> GeckoElement<'le> {
     fn get_extended_slots(
         &self,
     ) -> Option<&structs::FragmentOrElement_nsExtendedDOMSlots> {
         self.get_dom_slots()
             .and_then(|s| unsafe { s.mExtendedSlots.mPtr.as_ref() })
     }
 
     #[inline]
+    fn may_be_in_binding_manager(&self) -> bool {
+        self.flags() & (structs::NODE_MAY_BE_IN_BINDING_MNGR as u32) != 0
+    }
+
+    #[inline]
     fn get_xbl_binding(&self) -> Option<GeckoXBLBinding<'le>> {
-        if self.flags() & (structs::NODE_MAY_BE_IN_BINDING_MNGR as u32) == 0 {
+        if !self.may_be_in_binding_manager() {
             return None;
         }
 
         unsafe { bindings::Gecko_GetXBLBinding(self.0).map(GeckoXBLBinding) }
     }
 
     #[inline]
     fn get_xbl_binding_with_content(&self) -> Option<GeckoXBLBinding<'le>> {
@@ -548,19 +553,21 @@ impl<'le> GeckoElement<'le> {
             // where the binding parent is stored in a member variable
             // rather than in slots.  So just get it through FFI for now.
             unsafe {
                 bindings::Gecko_GetBindingParent(self.0).map(GeckoElement)
             }
         } else {
             let binding_parent = unsafe {
                 self.get_non_xul_xbl_binding_parent_raw_content().as_ref()
-            }.map(GeckoNode::from_content)
-                .and_then(|n| n.as_element());
-            debug_assert!(binding_parent == unsafe { bindings::Gecko_GetBindingParent(self.0).map(GeckoElement) });
+            }.map(GeckoNode::from_content).and_then(|n| n.as_element());
+
+            debug_assert!(binding_parent == unsafe {
+                bindings::Gecko_GetBindingParent(self.0).map(GeckoElement)
+            });
             binding_parent
         }
     }
 
     fn get_non_xul_xbl_binding_parent_raw_content(&self) -> *mut nsIContent {
         debug_assert!(!self.is_xul_element());
         self.get_extended_slots()
             .map_or(ptr::null_mut(), |slots| slots.mBindingParent)
@@ -920,16 +927,38 @@ impl<'le> TElement for GeckoElement<'le>
     fn before_pseudo_element(&self) -> Option<Self> {
         self.get_before_or_after_pseudo(/* is_before = */ true)
     }
 
     fn after_pseudo_element(&self) -> Option<Self> {
         self.get_before_or_after_pseudo(/* is_before = */ false)
     }
 
+    /// Ensure this accurately represents the rules that an element may ever
+    /// match, even in the native anonymous content case.
+    fn style_scope(&self) -> Self::ConcreteNode {
+        if self.implemented_pseudo_element().is_some() {
+            return self.closest_non_native_anonymous_ancestor().unwrap().style_scope();
+        }
+
+        if self.is_in_native_anonymous_subtree() {
+            return self.as_node().owner_doc().as_node();
+        }
+
+        if self.get_xbl_binding().is_some() {
+            return self.as_node();
+        }
+
+        if let Some(parent) = self.get_xbl_binding_parent() {
+            return parent.as_node();
+        }
+
+        self.as_node().owner_doc().as_node()
+    }
+
     /// Execute `f` for each anonymous content child element (apart from
     /// ::before and ::after) whose originating element is `self`.
     fn each_anonymous_content_child<F>(&self, mut f: F)
     where
         F: FnMut(Self),
     {
         let array: *mut structs::nsTArray<*mut nsIContent> =
             unsafe { bindings::Gecko_GetAnonymousContentForElement(self.0) };
--- a/servo/components/style/sharing/checks.rs
+++ b/servo/components/style/sharing/checks.rs
@@ -1,17 +1,16 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 //! Different checks done during the style sharing process in order to determine
 //! quickly whether it's worth to share style, and whether two different
 //! elements can indeed share the same style.
 
-use Atom;
 use bloom::StyleBloom;
 use context::{SelectorFlagsMap, SharedStyleContext};
 use dom::TElement;
 use selectors::NthIndexCache;
 use sharing::{StyleSharingCandidate, StyleSharingTarget};
 
 /// Determines whether a target and a candidate have compatible parents for sharing.
 pub fn parents_allow_sharing<E>(
@@ -91,24 +90,26 @@ pub fn have_same_class<E>(target: &mut S
 
 /// Whether a given element and a candidate match the same set of "revalidation"
 /// selectors.
 ///
 /// Revalidation selectors are those that depend on the DOM structure, like
 /// :first-child, etc, or on attributes that we don't check off-hand (pretty
 /// much every attribute selector except `id` and `class`.
 #[inline]
-pub fn revalidate<E>(target: &mut StyleSharingTarget<E>,
-                     candidate: &mut StyleSharingCandidate<E>,
-                     shared_context: &SharedStyleContext,
-                     bloom: &StyleBloom<E>,
-                     nth_index_cache: &mut NthIndexCache,
-                     selector_flags_map: &mut SelectorFlagsMap<E>)
-                     -> bool
-    where E: TElement,
+pub fn revalidate<E>(
+    target: &mut StyleSharingTarget<E>,
+    candidate: &mut StyleSharingCandidate<E>,
+    shared_context: &SharedStyleContext,
+    bloom: &StyleBloom<E>,
+    nth_index_cache: &mut NthIndexCache,
+    selector_flags_map: &mut SelectorFlagsMap<E>,
+) -> bool
+where
+    E: TElement,
 {
     let stylist = &shared_context.stylist;
 
     let for_element = target.revalidation_match_results(
         stylist,
         bloom,
         nth_index_cache,
         selector_flags_map,
@@ -125,30 +126,39 @@ pub fn revalidate<E>(target: &mut StyleS
     // comparing represent the same set of selectors.
     debug_assert_eq!(for_element.len(), for_candidate.len());
 
     for_element == for_candidate
 }
 
 /// Checks whether we might have rules for either of the two ids.
 #[inline]
-pub fn may_have_rules_for_ids(shared_context: &SharedStyleContext,
-                              element_id: Option<&Atom>,
-                              candidate_id: Option<&Atom>) -> bool
+pub fn may_match_different_id_rules<E>(
+    shared_context: &SharedStyleContext,
+    element: E,
+    candidate: E,
+) -> bool
+where
+    E: TElement,
 {
-    // We shouldn't be called unless the ids are different.
-    debug_assert!(element_id.is_some() || candidate_id.is_some());
+    let element_id = element.get_id();
+    let candidate_id = candidate.get_id();
+
+    if element_id == candidate_id {
+        return false;
+    }
+
     let stylist = &shared_context.stylist;
 
     let may_have_rules_for_element = match element_id {
-        Some(id) => stylist.may_have_rules_for_id(id),
+        Some(ref id) => stylist.may_have_rules_for_id(id, element),
         None => false
     };
 
     if may_have_rules_for_element {
         return true;
     }
 
     match candidate_id {
-        Some(id) => stylist.may_have_rules_for_id(id),
+        Some(ref id) => stylist.may_have_rules_for_id(id, candidate),
         None => false
     }
 }
--- a/servo/components/style/sharing/mod.rs
+++ b/servo/components/style/sharing/mod.rs
@@ -201,20 +201,21 @@ impl ValidationData {
     #[inline]
     fn revalidation_match_results<E, F>(
         &mut self,
         element: E,
         stylist: &Stylist,
         bloom: &StyleBloom<E>,
         nth_index_cache: &mut NthIndexCache,
         bloom_known_valid: bool,
-        flags_setter: &mut F
+        flags_setter: &mut F,
     ) -> &SmallBitVec
-        where E: TElement,
-              F: FnMut(&E, ElementSelectorFlags),
+    where
+        E: TElement,
+        F: FnMut(&E, ElementSelectorFlags),
     {
         if self.revalidation_match_results.is_none() {
             // The bloom filter may already be set up for our element.
             // If it is, use it.  If not, we must be in a candidate
             // (i.e. something in the cache), and the element is one
             // of our cousins, not a sibling.  In that case, we'll
             // just do revalidation selector matching without a bloom
             // filter, to avoid thrashing the filter.
@@ -225,20 +226,22 @@ impl ValidationData {
             } else {
                 if bloom.current_parent() == element.traversal_parent() {
                     Some(bloom.filter())
                 } else {
                     None
                 }
             };
             self.revalidation_match_results =
-                Some(stylist.match_revalidation_selectors(&element,
-                                                          bloom_to_use,
-                                                          nth_index_cache,
-                                                          flags_setter));
+                Some(stylist.match_revalidation_selectors(
+                    element,
+                    bloom_to_use,
+                    nth_index_cache,
+                    flags_setter,
+                ));
         }
 
         self.revalidation_match_results.as_ref().unwrap()
     }
 }
 
 /// Information regarding a style sharing candidate, that is, an entry in the
 /// style sharing cache.
@@ -656,16 +659,25 @@ impl<E: TElement> StyleSharingCache<E> {
 
         if target.is_native_anonymous() {
             debug_assert!(!candidate.element.is_native_anonymous(),
                           "Why inserting NAC into the cache?");
             trace!("Miss: Native Anonymous Content");
             return None;
         }
 
+        // Note that in the XBL case, we should be able to assert that the
+        // scopes are different, since two elements with different XBL bindings
+        // need to necessarily have different style (and thus children of them
+        // would never pass the parent check).
+        if target.element.style_scope() != candidate.element.style_scope() {
+            trace!("Miss: Different style scopes");
+            return None;
+        }
+
         if *target.get_local_name() != *candidate.element.get_local_name() {
             trace!("Miss: Local Name");
             return None;
         }
 
         if *target.get_namespace() != *candidate.element.get_namespace() {
             trace!("Miss: Namespace");
             return None;
@@ -685,25 +697,27 @@ impl<E: TElement> StyleSharingCache<E> {
         // We do not ignore visited state here, because Gecko
         // needs to store extra bits on visited style contexts,
         // so these contexts cannot be shared
         if target.element.get_state() != candidate.get_state() {
             trace!("Miss: User and Author State");
             return None;
         }
 
-        let element_id = target.element.get_id();
-        let candidate_id = candidate.element.get_id();
-        if element_id != candidate_id {
-            // It's possible that there are no styles for either id.
-            if checks::may_have_rules_for_ids(shared, element_id.as_ref(),
-                                              candidate_id.as_ref()) {
-                trace!("Miss: ID Attr");
-                return None;
-            }
+        // It's possible that there are no styles for either id.
+        let may_match_different_id_rules =
+            checks::may_match_different_id_rules(
+                shared,
+                target.element,
+                candidate.element,
+            );
+
+        if may_match_different_id_rules {
+            trace!("Miss: ID Attr");
+            return None;
         }
 
         if !checks::have_same_style_attribute(target, candidate) {
             trace!("Miss: Style Attr");
             return None;
         }
 
         if !checks::have_same_class(target, candidate) {
--- a/servo/components/style/stylist.rs
+++ b/servo/components/style/stylist.rs
@@ -1404,36 +1404,55 @@ impl Stylist {
         } else {
             debug!("skipping transition rules");
         }
     }
 
     /// Given an id, returns whether there might be any rules for that id in any
     /// of our rule maps.
     #[inline]
-    pub fn may_have_rules_for_id(&self, id: &Atom) -> bool {
-        self.cascade_data
-            .iter_origins()
-            .any(|(d, _)| d.mapped_ids.might_contain_hash(id.get_hash()))
+    pub fn may_have_rules_for_id<E>(
+        &self,
+        id: &Atom,
+        element: E,
+    ) -> bool
+    where
+        E: TElement,
+    {
+        let hash = id.get_hash();
+        for (data, _) in self.cascade_data.iter_origins() {
+            if data.mapped_ids.might_contain_hash(hash) {
+                return true;
+            }
+        }
+
+        let mut xbl_rules_may_contain = false;
+
+        element.each_xbl_stylist(|stylist| {
+            xbl_rules_may_contain = xbl_rules_may_contain ||
+                stylist.cascade_data.author.mapped_ids.might_contain_hash(hash)
+        });
+
+        xbl_rules_may_contain
     }
 
     /// Returns the registered `@keyframes` animation for the specified name.
     #[inline]
     pub fn get_animation(&self, name: &Atom) -> Option<&KeyframesAnimation> {
         self.cascade_data
             .iter_origins()
             .filter_map(|(d, _)| d.animations.get(name))
             .next()
     }
 
     /// Computes the match results of a given element against the set of
     /// revalidation selectors.
     pub fn match_revalidation_selectors<E, F>(
         &self,
-        element: &E,
+        element: E,
         bloom: Option<&BloomFilter>,
         nth_index_cache: &mut NthIndexCache,
         flags_setter: &mut F
     ) -> SmallBitVec
     where
         E: TElement,
         F: FnMut(&E, ElementSelectorFlags),
     {
@@ -1449,32 +1468,50 @@ impl Stylist {
         // Note that, by the time we're revalidating, we're guaranteed that the
         // candidate and the entry have the same id, classes, and local name.
         // This means we're guaranteed to get the same rulehash buckets for all
         // the lookups, which means that the bitvecs are comparable. We verify
         // this in the caller by asserting that the bitvecs are same-length.
         let mut results = SmallBitVec::new();
         for (data, _) in self.cascade_data.iter_origins() {
             data.selectors_for_cache_revalidation.lookup(
-                *element,
+                element,
                 self.quirks_mode,
                 &mut |selector_and_hashes| {
                     results.push(matches_selector(
                         &selector_and_hashes.selector,
                         selector_and_hashes.selector_offset,
                         Some(&selector_and_hashes.hashes),
-                        element,
+                        &element,
                         &mut matching_context,
                         flags_setter
                     ));
                     true
                 }
             );
         }
 
+        element.each_xbl_stylist(|stylist| {
+            stylist.cascade_data.author.selectors_for_cache_revalidation.lookup(
+                element,
+                stylist.quirks_mode,
+                &mut |selector_and_hashes| {
+                    results.push(matches_selector(
+                        &selector_and_hashes.selector,
+                        selector_and_hashes.selector_offset,
+                        Some(&selector_and_hashes.hashes),
+                        &element,
+                        &mut matching_context,
+                        flags_setter
+                    ));
+                    true
+                }
+            );
+        });
+
         results
     }
 
     /// Computes styles for a given declaration with parent_style.
     pub fn compute_for_declarations(
         &self,
         guards: &StylesheetGuards,
         parent_style: &ComputedValues,
new file mode 100644
--- /dev/null
+++ b/servo/moz.build
@@ -0,0 +1,26 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files("**"):
+    BUG_COMPONENT = ("Firefox", "General")
+
+with Files("components/style/**"):
+    BUG_COMPONENT = ("Core", "CSS Parsing and Computation")
+
+with Files("components/style_derive/**"):
+    BUG_COMPONENT = ("Core", "CSS Parsing and Computation")
+
+with Files("components/style_traits/**"):
+    BUG_COMPONENT = ("Core", "CSS Parsing and Computation")
+
+with Files("components/selectors/**"):
+    BUG_COMPONENT = ("Core", "CSS Parsing and Computation")
+
+with Files("ports/geckolib/**"):
+    BUG_COMPONENT = ("Core", "CSS Parsing and Computation")
+
+with Files("tests/unit/style/**"):
+    BUG_COMPONENT = ("Core", "CSS Parsing and Computation")
--- a/testing/marionette/client/marionette_driver/marionette.py
+++ b/testing/marionette/client/marionette_driver/marionette.py
@@ -1091,17 +1091,20 @@ class Marionette(object):
                          be used to trigger the shutdown.
         """
         if not self.instance:
             raise errors.MarionetteException("quit() can only be called "
                                              "on Gecko instances launched by Marionette")
 
         cause = None
         if in_app:
-            if callable(callback):
+            if callback is not None:
+                if not callable(callback):
+                    raise ValueError("Specified callback '{}' is not callable".format(callback))
+
                 self._send_message("acceptConnections", {"value": False})
                 callback()
             else:
                 cause = self._request_in_app_shutdown()
 
             # Ensure to explicitely mark the session as deleted
             self.delete_session(send_request=False, reset_session_id=True)
 
@@ -1143,17 +1146,20 @@ class Marionette(object):
                                              "on Gecko instances launched by Marionette")
         context = self._send_message("getContext", key="value")
 
         cause = None
         if in_app:
             if clean:
                 raise ValueError("An in_app restart cannot be triggered with the clean flag set")
 
-            if callable(callback):
+            if callback is not None:
+                if not callable(callback):
+                    raise ValueError("Specified callback '{}' is not callable".format(callback))
+
                 self._send_message("acceptConnections", {"value": False})
                 callback()
             else:
                 cause = self._request_in_app_shutdown("eRestart")
 
             # Ensure to explicitely mark the session as deleted
             self.delete_session(send_request=False, reset_session_id=True)
 
--- a/testing/marionette/harness/marionette_harness/tests/unit/test_quit_restart.py
+++ b/testing/marionette/harness/marionette_harness/tests/unit/test_quit_restart.py
@@ -218,17 +218,21 @@ class TestQuitRestart(MarionetteTestCase
 
         try:
             self.assertFalse(self.is_safe_mode, "Safe Mode is unexpectedly enabled")
             self.marionette.restart(in_app=True, callback=restart_in_safe_mode)
             self.assertTrue(self.is_safe_mode, "Safe Mode is not enabled")
         finally:
             self.marionette.quit(clean=True)
 
-    def test_in_app_restart_with_callback_no_shutdown(self):
+    def test_in_app_restart_with_callback_not_callable(self):
+        with self.assertRaisesRegexp(ValueError, "is not callable"):
+            self.marionette.restart(in_app=True, callback=4)
+
+    def test_in_app_restart_with_callback_missing_shutdown(self):
         try:
             timeout_startup = self.marionette.DEFAULT_STARTUP_TIMEOUT
             timeout_shutdown = self.marionette.DEFAULT_SHUTDOWN_TIMEOUT
             self.marionette.DEFAULT_SHUTDOWN_TIMEOUT = 5
             self.marionette.DEFAULT_STARTUP_TIMEOUT = 5
 
             with self.assertRaisesRegexp(IOError, "the connection to Marionette server is lost"):
                 self.marionette.restart(in_app=True, callback=lambda: False)
@@ -264,26 +268,30 @@ class TestQuitRestart(MarionetteTestCase
             self.marionette.get_url()
 
         self.marionette.start_session()
         self.assertEqual(self.marionette.profile, self.profile)
         self.assertNotEqual(self.marionette.session_id, self.session_id)
         self.assertNotEqual(self.marionette.get_pref("startup.homepage_welcome_url"),
                             "about:")
 
-    def test_in_app_quit_with_callback_no_shutdown(self):
+    def test_in_app_quit_with_callback_missing_shutdown(self):
         try:
             timeout = self.marionette.DEFAULT_SHUTDOWN_TIMEOUT
             self.marionette.DEFAULT_SHUTDOWN_TIMEOUT = 10
 
             with self.assertRaisesRegexp(IOError, "a requested application quit did not happen"):
                 self.marionette.quit(in_app=True, callback=lambda: False)
         finally:
             self.marionette.DEFAULT_SHUTDOWN_TIMEOUT = timeout
 
+    def test_in_app_quit_with_callback_not_callable(self):
+        with self.assertRaisesRegexp(ValueError, "is not callable"):
+            self.marionette.restart(in_app=True, callback=4)
+
     @skip("Bug 1363368 - Wrong window handles after in_app restarts")
     def test_reset_context_after_quit_by_set_context(self):
         if self.marionette.session_capabilities["platformName"] != "windows_nt":
             skip("Bug 1363368 - Wrong window handles after in_app restarts")
 
         # Check that we are in content context which is used by default in
         # Marionette
         self.assertNotIn("chrome://", self.marionette.get_url(),
--- a/tools/lint/eslint/eslint-plugin-mozilla/lib/rules/no-cpows-in-tests.js
+++ b/tools/lint/eslint/eslint-plugin-mozilla/lib/rules/no-cpows-in-tests.js
@@ -9,22 +9,24 @@
 "use strict";
 
 // -----------------------------------------------------------------------------
 // Rule Definition
 // -----------------------------------------------------------------------------
 
 var helpers = require("../helpers");
 
+// Note: we match to the end of the string as well as the beginning, to avoid
+// multiple reports from MemberExpression statements.
 var cpows = [
-  /^gBrowser\.contentWindow/,
-  /^gBrowser\.contentDocument/,
-  /^gBrowser\.selectedBrowser.contentWindow/,
-  /^browser\.contentDocument/,
-  /^window\.content/
+  /^gBrowser\.contentWindow$/,
+  /^gBrowser\.contentDocument$/,
+  /^gBrowser\.selectedBrowser\.contentWindow$/,
+  /^browser\.contentDocument$/,
+  /^window\.content$/
 ];
 
 var isInContentTask = false;
 
 module.exports = function(context) {
   // ---------------------------------------------------------------------------
   // Helpers
   // ---------------------------------------------------------------------------
@@ -81,32 +83,60 @@ module.exports = function(context) {
           showError(node, expression);
           return true;
         }
         return false;
       });
       if (!someCpowFound && helpers.getIsGlobalScope(context.getAncestors())) {
         if (/^content\./.test(expression)) {
           showError(node, expression);
-
         }
       }
     },
 
     Identifier(node) {
       if (helpers.getTestType(context) != "browser") {
         return;
       }
 
+      if (node.name !== "content" ||
+          // Don't complain if this is part of a member expression - the
+          // MemberExpression() function will handle those.
+          node.parent.type === "MemberExpression" ||
+          // If this is a declared variable in a function, then don't complain.
+          node.parent.type === "FunctionDeclaration") {
+        return;
+      }
+
+      // Don't error in the case of `let content = foo`.
+      if (node.parent.type === "VariableDeclarator" &&
+          node.parent.id && node.parent.id.name === "content") {
+        return;
+      }
+
+      // Walk up the parents, see if we can find if this is a local variable.
+      let parent = node;
+      do {
+        parent = parent.parent;
+
+        // Don't error if 'content' is one of the function parameters.
+        if (parent.type === "FunctionDeclaration" &&
+            context.getDeclaredVariables(parent).some(variable => variable.name === "content")) {
+          return;
+        } else if (parent.type === "BlockStatement" || parent.type === "Program") {
+          // Don't error if the block or program includes their own definition of content.
+          for (let item of parent.body) {
+            if (item.type === "VariableDeclaration" && item.declarations.length) {
+              for (let declaration of item.declarations) {
+                if (declaration.id && declaration.id.name === "content") {
+                  return;
+                }
+              }
+            }
+          }
+        }
+      } while (parent.parent);
+
       var expression = context.getSource(node);
-      if (expression == "content" || /^content\./.test(expression)) {
-        if (node.parent.type === "MemberExpression" &&
-            node.parent.object &&
-            node.parent.object.type === "Identifier" &&
-            node.parent.object.name != "content") {
-          return;
-        }
-        showError(node, expression);
-
-      }
+      showError(node, expression);
     }
   };
 };
--- a/tools/lint/eslint/eslint-plugin-mozilla/package-lock.json
+++ b/tools/lint/eslint/eslint-plugin-mozilla/package-lock.json
@@ -1,11 +1,11 @@
 {
   "name": "eslint-plugin-mozilla",
-  "version": "0.4.5",
+  "version": "0.4.6",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
     "acorn": {
       "version": "5.1.2",
       "resolved": "https://registry.npmjs.org/acorn/-/acorn-5.1.2.tgz",
       "integrity": "sha512-o96FZLJBPY1lvTuJylGA9Bk3t/GKPPJG8H0ydQQl01crzwJgspa4AEIq/pVTXigmK0PHVQhiAtn8WMBLL9D2WA==",
       "dev": true
@@ -23,37 +23,37 @@
           "version": "3.3.0",
           "resolved": "https://registry.npmjs.org/acorn/-/acorn-3.3.0.tgz",
           "integrity": "sha1-ReN/s56No/JbruP/U2niu18iAXo=",
           "dev": true
         }
       }
     },
     "ajv": {
-      "version": "5.2.2",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-5.2.2.tgz",
-      "integrity": "sha1-R8aNaehvXZUxA7AHSpQw3GPaXjk=",
+      "version": "5.3.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-5.3.0.tgz",
+      "integrity": "sha1-RBT/dKUIecII7l/cgm4ywwNUnto=",
       "dev": true,
       "requires": {
         "co": "4.6.0",
         "fast-deep-equal": "1.0.0",
-        "json-schema-traverse": "0.3.1",
-        "json-stable-stringify": "1.0.1"
+        "fast-json-stable-stringify": "2.0.0",
+        "json-schema-traverse": "0.3.1"
       }
     },
     "ajv-keywords": {
-      "version": "1.5.1",
-      "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-1.5.1.tgz",
-      "integrity": "sha1-MU3QpLM2j609/NxU7eYXG4htrzw=",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-2.1.0.tgz",
+      "integrity": "sha1-opbhf3v658HOT34N5T0pyzIWLfA=",
       "dev": true
     },
     "ansi-escapes": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-2.0.0.tgz",
-      "integrity": "sha1-W65SvkJIeN2Xg+iRDj/Cki6DyBs=",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-3.0.0.tgz",
+      "integrity": "sha512-O/klc27mWNUigtv0F8NJWbLF00OcegQalkqKURWdosW08YZKi4m6CnSUSvIZG1otNJbTWhN01Hhz389DW7mvDQ==",
       "dev": true
     },
     "ansi-regex": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz",
       "integrity": "sha1-w7M6te42DYbg5ijwRorn7yfWVN8=",
       "dev": true
     },
@@ -97,16 +97,40 @@
       "version": "6.26.0",
       "resolved": "https://registry.npmjs.org/babel-code-frame/-/babel-code-frame-6.26.0.tgz",
       "integrity": "sha1-Y/1D99weO7fONZR9uP42mj9Yx0s=",
       "dev": true,
       "requires": {
         "chalk": "1.1.3",
         "esutils": "2.0.2",
         "js-tokens": "3.0.2"
+      },
+      "dependencies": {
+        "chalk": {
+          "version": "1.1.3",
+          "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+          "integrity": "sha1-qBFcVeSnAv5NFQq9OHKCKn4J/Jg=",
+          "dev": true,
+          "requires": {
+            "ansi-styles": "2.2.1",
+            "escape-string-regexp": "1.0.5",
+            "has-ansi": "2.0.0",
+            "strip-ansi": "3.0.1",
+            "supports-color": "2.0.0"
+          }
+        },
+        "strip-ansi": {
+          "version": "3.0.1",
+          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz",
+          "integrity": "sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=",
+          "dev": true,
+          "requires": {
+            "ansi-regex": "2.1.1"
+          }
+        }
       }
     },
     "balanced-match": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
       "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=",
       "dev": true
     },
@@ -137,26 +161,44 @@
     },
     "callsites": {
       "version": "0.2.0",
       "resolved": "https://registry.npmjs.org/callsites/-/callsites-0.2.0.tgz",
       "integrity": "sha1-r6uWJikQp/M8GaV3WCXGnzTjUMo=",
       "dev": true
     },
     "chalk": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
-      "integrity": "sha1-qBFcVeSnAv5NFQq9OHKCKn4J/Jg=",
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.3.0.tgz",
+      "integrity": "sha512-Az5zJR2CBujap2rqXGaJKaPHyJ0IrUimvYNX+ncCy8PJP4ltOGTrHUIo097ZaL2zMeKYpiCdqDvS6zdrTFok3Q==",
       "dev": true,
       "requires": {
-        "ansi-styles": "2.2.1",
+        "ansi-styles": "3.2.0",
         "escape-string-regexp": "1.0.5",
-        "has-ansi": "2.0.0",
-        "strip-ansi": "3.0.1",
-        "supports-color": "2.0.0"
+        "supports-color": "4.5.0"
+      },
+      "dependencies": {
+        "ansi-styles": {
+          "version": "3.2.0",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.0.tgz",
+          "integrity": "sha512-NnSOmMEYtVR2JVMIGTzynRkkaxtiq1xnFBcdQD/DnNCYPoEPsVJhM98BDyaoNOQIi7p4okdi3E27eN7GQbsUug==",
+          "dev": true,
+          "requires": {
+            "color-convert": "1.9.0"
+          }
+        },
+        "supports-color": {
+          "version": "4.5.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-4.5.0.tgz",
+          "integrity": "sha1-vnoN5ITexcXN34s9WRJQRJEvY1s=",
+          "dev": true,
+          "requires": {
+            "has-flag": "2.0.0"
+          }
+        }
       }
     },
     "circular-json": {
       "version": "0.3.3",
       "resolved": "https://registry.npmjs.org/circular-json/-/circular-json-0.3.3.tgz",
       "integrity": "sha512-UZK3NBx2Mca+b5LsG7bY183pHWt5Y1xts4P3Pz7ENTwGVnJOUWbRb3ocjvX7hx9tq/yTAdclXm9sZ38gNuem4A==",
       "dev": true
     },
@@ -192,23 +234,20 @@
     },
     "color-name": {
       "version": "1.1.3",
       "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
       "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=",
       "dev": true
     },
     "commander": {
-      "version": "2.9.0",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-2.9.0.tgz",
-      "integrity": "sha1-nJkJQXbhIkDLItbFFGCYQA/g99Q=",
-      "dev": true,
-      "requires": {
-        "graceful-readlink": "1.0.1"
-      }
+      "version": "2.11.0",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-2.11.0.tgz",
+      "integrity": "sha512-b0553uYA5YAEGgyYIGYROzKQ7X5RAqedkfjiZxwi0kL1g3bOaBNNZfYkzt/CL0umgD5wc9Jec2FbB98CjkMRvQ==",
+      "dev": true
     },
     "concat-map": {
       "version": "0.0.1",
       "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
       "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
       "dev": true
     },
     "concat-stream": {
@@ -223,20 +262,31 @@
       }
     },
     "core-util-is": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
       "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=",
       "dev": true
     },
+    "cross-spawn": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-5.1.0.tgz",
+      "integrity": "sha1-6L0O/uWPz/b4+UUQoKVUu/ojVEk=",
+      "dev": true,
+      "requires": {
+        "lru-cache": "4.1.1",
+        "shebang-command": "1.2.0",
+        "which": "1.3.0"
+      }
+    },
     "debug": {
-      "version": "2.6.8",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.8.tgz",
-      "integrity": "sha1-5zFTHKLt4n0YgiJCfaF4IdaP9Pw=",
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
+      "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
       "dev": true,
       "requires": {
         "ms": "2.0.0"
       }
     },
     "deep-is": {
       "version": "0.1.3",
       "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.3.tgz",
@@ -254,19 +304,19 @@
         "is-path-in-cwd": "1.0.0",
         "object-assign": "4.1.1",
         "pify": "2.3.0",
         "pinkie-promise": "2.0.1",
         "rimraf": "2.6.2"
       }
     },
     "diff": {
-      "version": "3.2.0",
-      "resolved": "https://registry.npmjs.org/diff/-/diff-3.2.0.tgz",
-      "integrity": "sha1-yc45Okt8vQsFinJck98pkCeGj/k=",
+      "version": "3.3.1",
+      "resolved": "https://registry.npmjs.org/diff/-/diff-3.3.1.tgz",
+      "integrity": "sha512-MKPHZDMB0o6yHyDryUOScqZibp914ksXwAMYMTHj6KO8UeKsRYNJD3oNCKjTqZon+V488P7N/HzXF8t7ZR95ww==",
       "dev": true
     },
     "doctrine": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.0.0.tgz",
       "integrity": "sha1-xz2NKQnSIpHhoAejlYBNqLZl/mM=",
       "dev": true,
       "requires": {
@@ -276,53 +326,57 @@
     },
     "escape-string-regexp": {
       "version": "1.0.5",
       "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
       "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=",
       "dev": true
     },
     "eslint": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-4.2.0.tgz",
-      "integrity": "sha1-orMYQRGxmOAunH88ymJaXgHFaz0=",
+      "version": "4.9.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-4.9.0.tgz",
+      "integrity": "sha1-doedJ0BoJhsZH+Dy9Wx0wvQgjos=",
       "dev": true,
       "requires": {
-        "ajv": "5.2.2",
+        "ajv": "5.3.0",
         "babel-code-frame": "6.26.0",
-        "chalk": "1.1.3",
+        "chalk": "2.3.0",
         "concat-stream": "1.6.0",
-        "debug": "2.6.8",
+        "cross-spawn": "5.1.0",
+        "debug": "3.1.0",
         "doctrine": "2.0.0",
         "eslint-scope": "3.7.1",
         "espree": "3.5.1",
         "esquery": "1.0.0",
         "estraverse": "4.2.0",
         "esutils": "2.0.2",
         "file-entry-cache": "2.0.0",
+        "functional-red-black-tree": "1.0.1",
         "glob": "7.1.2",
         "globals": "9.18.0",
-        "ignore": "3.3.5",
+        "ignore": "3.3.7",
         "imurmurhash": "0.1.4",
-        "inquirer": "3.2.3",
+        "inquirer": "3.3.0",
         "is-resolvable": "1.0.0",
         "js-yaml": "3.10.0",
         "json-stable-stringify": "1.0.1",
         "levn": "0.3.0",
         "lodash": "4.17.4",
         "minimatch": "3.0.4",
         "mkdirp": "0.5.1",
         "natural-compare": "1.4.0",
         "optionator": "0.8.2",
         "path-is-inside": "1.0.2",
-        "pluralize": "4.0.0",
+        "pluralize": "7.0.0",
         "progress": "2.0.0",
         "require-uncached": "1.0.3",
+        "semver": "5.4.1",
+        "strip-ansi": "4.0.0",
         "strip-json-comments": "2.0.1",
-        "table": "4.0.1",
+        "table": "4.0.2",
         "text-table": "0.2.0"
       }
     },
     "eslint-scope": {
       "version": "3.7.1",
       "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-3.7.1.tgz",
       "integrity": "sha1-PWPD7f2gLgbgGkUq2IyqzHzctug=",
       "dev": true,
@@ -374,32 +428,38 @@
     },
     "esutils": {
       "version": "2.0.2",
       "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.2.tgz",
       "integrity": "sha1-Cr9PHKpbyx96nYrMbepPqqBLrJs=",
       "dev": true
     },
     "external-editor": {
-      "version": "2.0.4",
-      "resolved": "https://registry.npmjs.org/external-editor/-/external-editor-2.0.4.tgz",
-      "integrity": "sha1-HtkZnanL/i7y96MbL96LDRI2iXI=",
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/external-editor/-/external-editor-2.0.5.tgz",
+      "integrity": "sha512-Msjo64WT5W+NhOpQXh0nOHm+n0RfU1QUwDnKYvJ8dEJ8zlwLrqXNTv5mSUTJpepf41PDJGyhueTw2vNZW+Fr/w==",
       "dev": true,
       "requires": {
         "iconv-lite": "0.4.19",
-        "jschardet": "1.5.1",
-        "tmp": "0.0.31"
+        "jschardet": "1.6.0",
+        "tmp": "0.0.33"
       }
     },
     "fast-deep-equal": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-1.0.0.tgz",
       "integrity": "sha1-liVqO8l1WV6zbYLpkp0GDYk0Of8=",
       "dev": true
     },
+    "fast-json-stable-stringify": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.0.0.tgz",
+      "integrity": "sha1-1RQsDK7msRifh9OnYREGT4bIu/I=",
+      "dev": true
+    },
     "fast-levenshtein": {
       "version": "2.0.6",
       "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz",
       "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=",
       "dev": true
     },
     "figures": {
       "version": "2.0.0",
@@ -411,38 +471,44 @@
       }
     },
     "file-entry-cache": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-2.0.0.tgz",
       "integrity": "sha1-w5KZDD5oR4PYOLjISkXYoEhFg2E=",
       "dev": true,
       "requires": {
-        "flat-cache": "1.2.2",
+        "flat-cache": "1.3.0",
         "object-assign": "4.1.1"
       }
     },
     "flat-cache": {
-      "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-1.2.2.tgz",
-      "integrity": "sha1-+oZxTnLCHbiGAXYezy9VXRq8a5Y=",
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-1.3.0.tgz",
+      "integrity": "sha1-0wMLMrOBVPTjt+nHCfSQ9++XxIE=",
       "dev": true,
       "requires": {
         "circular-json": "0.3.3",
         "del": "2.2.2",
         "graceful-fs": "4.1.11",
         "write": "0.2.1"
       }
     },
     "fs.realpath": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
       "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=",
       "dev": true
     },
+    "functional-red-black-tree": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz",
+      "integrity": "sha1-GwqzvVU7Kg1jmdKcDj6gslIHgyc=",
+      "dev": true
+    },
     "glob": {
       "version": "7.1.2",
       "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.2.tgz",
       "integrity": "sha512-MJTUg1kjuLeQCJ+ccE4Vpa6kKVXkPYJ2mOCQyUuKLcLQsdrMCpBPUi8qVE6+YuaJkozeA9NusTAw3hLr8Xe5EQ==",
       "dev": true,
       "requires": {
         "fs.realpath": "1.0.0",
         "inflight": "1.0.6",
@@ -473,26 +539,20 @@
       }
     },
     "graceful-fs": {
       "version": "4.1.11",
       "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.11.tgz",
       "integrity": "sha1-Dovf5NHduIVNZOBOp8AOKgJuVlg=",
       "dev": true
     },
-    "graceful-readlink": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/graceful-readlink/-/graceful-readlink-1.0.1.tgz",
-      "integrity": "sha1-TK+tdrxi8C+gObL5Tpo906ORpyU=",
-      "dev": true
-    },
     "growl": {
-      "version": "1.9.2",
-      "resolved": "https://registry.npmjs.org/growl/-/growl-1.9.2.tgz",
-      "integrity": "sha1-Dqd0NxXbjY3ixe3hd14bRayFwC8=",
+      "version": "1.10.3",
+      "resolved": "https://registry.npmjs.org/growl/-/growl-1.10.3.tgz",
+      "integrity": "sha512-hKlsbA5Vu3xsh1Cg3J7jSmX/WaW6A5oBeqzM88oNbCRQFz+zUaXm6yxS4RVytp1scBoJzSYl4YAEOQIt6O8V1Q==",
       "dev": true
     },
     "has-ansi": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz",
       "integrity": "sha1-NPUEnOHs3ysGSa8+8k5F7TVBbZE=",
       "dev": true,
       "requires": {
@@ -500,26 +560,32 @@
       }
     },
     "has-flag": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-2.0.0.tgz",
       "integrity": "sha1-6CB68cx7MNRGzHC3NLXovhj4jVE=",
       "dev": true
     },
+    "he": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/he/-/he-1.1.1.tgz",
+      "integrity": "sha1-k0EP0hsAlzUVH4howvJx80J+I/0=",
+      "dev": true
+    },
     "iconv-lite": {
       "version": "0.4.19",
       "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.19.tgz",
       "integrity": "sha512-oTZqweIP51xaGPI4uPa56/Pri/480R+mo7SeU+YETByQNhDG55ycFyNLIgta9vXhILrxXDmF7ZGhqZIcuN0gJQ==",
       "dev": true
     },
     "ignore": {
-      "version": "3.3.5",
-      "resolved": "https://registry.npmjs.org/ignore/-/ignore-3.3.5.tgz",
-      "integrity": "sha512-JLH93mL8amZQhh/p6mfQgVBH3M6epNq3DfsXsTSuSrInVjwyYlFE1nv2AgfRCC8PoOhM0jwQ5v8s9LgbK7yGDw==",
+      "version": "3.3.7",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-3.3.7.tgz",
+      "integrity": "sha512-YGG3ejvBNHRqu0559EOxxNFihD0AjpvHlC/pdGKd3X3ofe+CoJkYazwNJYTNebqpPKN+VVQbh4ZFn1DivMNuHA==",
       "dev": true
     },
     "imurmurhash": {
       "version": "0.1.4",
       "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz",
       "integrity": "sha1-khi5srkoojixPcT7a21XbyMUU+o=",
       "dev": true
     },
@@ -540,81 +606,35 @@
       "dev": true
     },
     "ini-parser": {
       "version": "0.0.2",
       "resolved": "https://registry.npmjs.org/ini-parser/-/ini-parser-0.0.2.tgz",
       "integrity": "sha1-+kF4flZ3Y7P/Zdel2alO23QHh+8="
     },
     "inquirer": {
-      "version": "3.2.3",
-      "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-3.2.3.tgz",
-      "integrity": "sha512-Bc3KbimpDTOeQdDj18Ir/rlsGuhBSSNqdOnxaAuKhpkdnMMuKsEGbZD2v5KFF9oso2OU+BPh7+/u5obmFDRmWw==",
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-3.3.0.tgz",
+      "integrity": "sha512-h+xtnyk4EwKvFWHrUYsWErEVR+igKtLdchu+o0Z1RL7VU/jVMFbYir2bp6bAj8efFNxWqHX0dIss6fJQ+/+qeQ==",
       "dev": true,
       "requires": {
-        "ansi-escapes": "2.0.0",
-        "chalk": "2.1.0",
+        "ansi-escapes": "3.0.0",
+        "chalk": "2.3.0",
         "cli-cursor": "2.1.0",
         "cli-width": "2.2.0",
-        "external-editor": "2.0.4",
+        "external-editor": "2.0.5",
         "figures": "2.0.0",
         "lodash": "4.17.4",
         "mute-stream": "0.0.7",
         "run-async": "2.3.0",
         "rx-lite": "4.0.8",
         "rx-lite-aggregates": "4.0.8",
         "string-width": "2.1.1",
         "strip-ansi": "4.0.0",
         "through": "2.3.8"
-      },
-      "dependencies": {
-        "ansi-regex": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz",
-          "integrity": "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg=",
-          "dev": true
-        },
-        "ansi-styles": {
-          "version": "3.2.0",
-          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.0.tgz",
-          "integrity": "sha512-NnSOmMEYtVR2JVMIGTzynRkkaxtiq1xnFBcdQD/DnNCYPoEPsVJhM98BDyaoNOQIi7p4okdi3E27eN7GQbsUug==",
-          "dev": true,
-          "requires": {
-            "color-convert": "1.9.0"
-          }
-        },
-        "chalk": {
-          "version": "2.1.0",
-          "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.1.0.tgz",
-          "integrity": "sha512-LUHGS/dge4ujbXMJrnihYMcL4AoOweGnw9Tp3kQuqy1Kx5c1qKjqvMJZ6nVJPMWJtKCTN72ZogH3oeSO9g9rXQ==",
-          "dev": true,
-          "requires": {
-            "ansi-styles": "3.2.0",
-            "escape-string-regexp": "1.0.5",
-            "supports-color": "4.4.0"
-          }
-        },
-        "strip-ansi": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz",
-          "integrity": "sha1-qEeQIusaw2iocTibY1JixQXuNo8=",
-          "dev": true,
-          "requires": {
-            "ansi-regex": "3.0.0"
-          }
-        },
-        "supports-color": {
-          "version": "4.4.0",
-          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-4.4.0.tgz",
-          "integrity": "sha512-rKC3+DyXWgK0ZLKwmRsrkyHVZAjNkfzeehuFWdGGcqGDTZFH73+RH6S/RDAAxl9GusSjZSUWYLmT9N5pzXFOXQ==",
-          "dev": true,
-          "requires": {
-            "has-flag": "2.0.0"
-          }
-        }
       }
     },
     "is-fullwidth-code-point": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
       "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8=",
       "dev": true
     },
@@ -658,16 +678,22 @@
       }
     },
     "isarray": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
       "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=",
       "dev": true
     },
+    "isexe": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
+      "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=",
+      "dev": true
+    },
     "js-tokens": {
       "version": "3.0.2",
       "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-3.0.2.tgz",
       "integrity": "sha1-mGbfOVECEw449/mWvOtlRDIJwls=",
       "dev": true
     },
     "js-yaml": {
       "version": "3.10.0",
@@ -675,19 +701,19 @@
       "integrity": "sha512-O2v52ffjLa9VeM43J4XocZE//WT9N0IiwDa3KSHH7Tu8CtH+1qM8SIZvnsTh6v+4yFy5KUY3BHUVwjpfAWsjIA==",
       "dev": true,
       "requires": {
         "argparse": "1.0.9",
         "esprima": "4.0.0"
       }
     },
     "jschardet": {
-      "version": "1.5.1",
-      "resolved": "https://registry.npmjs.org/jschardet/-/jschardet-1.5.1.tgz",
-      "integrity": "sha512-vE2hT1D0HLZCLLclfBSfkfTTedhVj0fubHpJBHKwwUWX0nSbhPAfk+SG9rTX95BYNmau8rGFfCeaT6T5OW1C2A==",
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/jschardet/-/jschardet-1.6.0.tgz",
+      "integrity": "sha512-xYuhvQ7I9PDJIGBWev9xm0+SMSed3ZDBAmvVjbFR1ZRLAF+vlXcQu6cRI9uAlj81rzikElRVteehwV7DuX2ZmQ==",
       "dev": true
     },
     "json-schema-traverse": {
       "version": "0.3.1",
       "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.3.1.tgz",
       "integrity": "sha1-NJptRMU6Ud6JtAgFxdXlm0F9M0A=",
       "dev": true
     },
@@ -695,22 +721,16 @@
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/json-stable-stringify/-/json-stable-stringify-1.0.1.tgz",
       "integrity": "sha1-mnWdOcXy/1A/1TAGRu1EX4jE+a8=",
       "dev": true,
       "requires": {
         "jsonify": "0.0.0"
       }
     },
-    "json3": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/json3/-/json3-3.3.2.tgz",
-      "integrity": "sha1-PAQ0dD35Pi9cQq7nsZvLSDV19OE=",
-      "dev": true
-    },
     "jsonify": {
       "version": "0.0.0",
       "resolved": "https://registry.npmjs.org/jsonify/-/jsonify-0.0.0.tgz",
       "integrity": "sha1-LHS27kHZPKUbe1qu6PUDYx0lKnM=",
       "dev": true
     },
     "levn": {
       "version": "0.3.0",
@@ -723,82 +743,24 @@
       }
     },
     "lodash": {
       "version": "4.17.4",
       "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.4.tgz",
       "integrity": "sha1-eCA6TRwyiuHYbcpkYONptX9AVa4=",
       "dev": true
     },
-    "lodash._baseassign": {
-      "version": "3.2.0",
-      "resolved": "https://registry.npmjs.org/lodash._baseassign/-/lodash._baseassign-3.2.0.tgz",
-      "integrity": "sha1-jDigmVAPIVrQnlnxci/QxSv+Ck4=",
+    "lru-cache": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.1.tgz",
+      "integrity": "sha512-q4spe4KTfsAS1SUHLO0wz8Qiyf1+vMIAgpRYioFYDMNqKfHQbg+AVDH3i4fvpl71/P1L0dBl+fQi+P37UYf0ew==",
       "dev": true,
       "requires": {
-        "lodash._basecopy": "3.0.1",
-        "lodash.keys": "3.1.2"
-      }
-    },
-    "lodash._basecopy": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/lodash._basecopy/-/lodash._basecopy-3.0.1.tgz",
-      "integrity": "sha1-jaDmqHbPNEwK2KVIghEd08XHyjY=",
-      "dev": true
-    },
-    "lodash._basecreate": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/lodash._basecreate/-/lodash._basecreate-3.0.3.tgz",
-      "integrity": "sha1-G8ZhYU2qf8MRt9A78WgGoCE8+CE=",
-      "dev": true
-    },
-    "lodash._getnative": {
-      "version": "3.9.1",
-      "resolved": "https://registry.npmjs.org/lodash._getnative/-/lodash._getnative-3.9.1.tgz",
-      "integrity": "sha1-VwvH3t5G1hzc3mh9ZdPuy6o6r/U=",
-      "dev": true
-    },
-    "lodash._isiterateecall": {
-      "version": "3.0.9",
-      "resolved": "https://registry.npmjs.org/lodash._isiterateecall/-/lodash._isiterateecall-3.0.9.tgz",
-      "integrity": "sha1-UgOte6Ql+uhCRg5pbbnPPmqsBXw=",
-      "dev": true
-    },
-    "lodash.create": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/lodash.create/-/lodash.create-3.1.1.tgz",
-      "integrity": "sha1-1/KEnw29p+BGgruM1yqwIkYd6+c=",
-      "dev": true,
-      "requires": {
-        "lodash._baseassign": "3.2.0",
-        "lodash._basecreate": "3.0.3",
-        "lodash._isiterateecall": "3.0.9"
-      }
-    },
-    "lodash.isarguments": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/lodash.isarguments/-/lodash.isarguments-3.1.0.tgz",
-      "integrity": "sha1-L1c9hcaiQon/AGY7SRwdM4/zRYo=",
-      "dev": true
-    },
-    "lodash.isarray": {
-      "version": "3.0.4",
-      "resolved": "https://registry.npmjs.org/lodash.isarray/-/lodash.isarray-3.0.4.tgz",
-      "integrity": "sha1-eeTriMNqgSKvhvhEqpvNhRtfu1U=",
-      "dev": true
-    },
-    "lodash.keys": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/lodash.keys/-/lodash.keys-3.1.2.tgz",
-      "integrity": "sha1-TbwEcrFWvlCgsoaFXRvQsMZWCYo=",
-      "dev": true,
-      "requires": {
-        "lodash._getnative": "3.9.1",
-        "lodash.isarguments": "3.1.0",
-        "lodash.isarray": "3.0.4"
+        "pseudomap": "1.0.2",
+        "yallist": "2.1.2"
       }
     },
     "mimic-fn": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-1.1.0.tgz",
       "integrity": "sha1-5md4PZLonb00KBi1IwudYqZyrRg=",
       "dev": true
     },
@@ -822,76 +784,40 @@
       "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
       "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
       "dev": true,
       "requires": {
         "minimist": "0.0.8"
       }
     },
     "mocha": {
-      "version": "3.4.2",
-      "resolved": "https://registry.npmjs.org/mocha/-/mocha-3.4.2.tgz",
-      "integrity": "sha1-0O9NMyEm2/GNDWQMmzgt1IvpdZQ=",
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/mocha/-/mocha-4.0.1.tgz",
+      "integrity": "sha512-evDmhkoA+cBNiQQQdSKZa2b9+W2mpLoj50367lhy+Klnx9OV8XlCIhigUnn1gaTFLQCa0kdNhEGDr0hCXOQFDw==",
       "dev": true,
       "requires": {
         "browser-stdout": "1.3.0",
-        "commander": "2.9.0",
-        "debug": "2.6.0",
-        "diff": "3.2.0",
+        "commander": "2.11.0",
+        "debug": "3.1.0",
+        "diff": "3.3.1",
         "escape-string-regexp": "1.0.5",
-        "glob": "7.1.1",
-        "growl": "1.9.2",
-        "json3": "3.3.2",
-        "lodash.create": "3.1.1",
+        "glob": "7.1.2",
+        "growl": "1.10.3",
+        "he": "1.1.1",
         "mkdirp": "0.5.1",
-        "supports-color": "3.1.2"
+        "supports-color": "4.4.0"
       },
       "dependencies": {
-        "debug": {
-          "version": "2.6.0",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.0.tgz",
-          "integrity": "sha1-vFlryr52F/Edn6FTYe3tVgi4SZs=",
-          "dev": true,
-          "requires": {
-            "ms": "0.7.2"
-          }
-        },
-        "glob": {
-          "version": "7.1.1",
-          "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.1.tgz",
-          "integrity": "sha1-gFIR3wT6rxxjo2ADBs31reULLsg=",
+        "supports-color": {
+          "version": "4.4.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-4.4.0.tgz",
+          "integrity": "sha512-rKC3+DyXWgK0ZLKwmRsrkyHVZAjNkfzeehuFWdGGcqGDTZFH73+RH6S/RDAAxl9GusSjZSUWYLmT9N5pzXFOXQ==",
           "dev": true,
           "requires": {
-            "fs.realpath": "1.0.0",
-            "inflight": "1.0.6",
-            "inherits": "2.0.3",
-            "minimatch": "3.0.4",
-            "once": "1.4.0",
-            "path-is-absolute": "1.0.1"
-          }
-        },
-        "has-flag": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-1.0.0.tgz",
-          "integrity": "sha1-nZ55MWXOAXoA8AQYxD+UKnsdEfo=",
-          "dev": true
-        },
-        "ms": {
-          "version": "0.7.2",
-          "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.2.tgz",
-          "integrity": "sha1-riXPJRKziFodldfwN4aNhDESR2U=",
-          "dev": true
-        },
-        "supports-color": {
-          "version": "3.1.2",
-          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-3.1.2.tgz",
-          "integrity": "sha1-cqJiiU2dQIuVbKBf83su2KbiotU=",
-          "dev": true,
-          "requires": {
-            "has-flag": "1.0.0"
+            "has-flag": "2.0.0"
           }
         }
       }
     },
     "ms": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
       "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=",
@@ -982,19 +908,19 @@
       "resolved": "https://registry.npmjs.org/pinkie-promise/-/pinkie-promise-2.0.1.tgz",
       "integrity": "sha1-ITXW36ejWMBprJsXh3YogihFD/o=",
       "dev": true,
       "requires": {
         "pinkie": "2.0.4"
       }
     },
     "pluralize": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/pluralize/-/pluralize-4.0.0.tgz",
-      "integrity": "sha1-WbcIwcAZCi9pLxx2GMRGsFL9F2I=",
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/pluralize/-/pluralize-7.0.0.tgz",
+      "integrity": "sha512-ARhBOdzS3e41FbkW/XWrTEtukqqLoK5+Z/4UeDaLuSW+39JPeFgs4gCGqsrJHVZX0fUrx//4OF0K1CUGwlIFow==",
       "dev": true
     },
     "prelude-ls": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz",
       "integrity": "sha1-IZMqVJ9eUv/ZqCf1cOBL5iqX2lQ=",
       "dev": true
     },
@@ -1005,16 +931,22 @@
       "dev": true
     },
     "progress": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/progress/-/progress-2.0.0.tgz",
       "integrity": "sha1-ihvjZr+Pwj2yvSPxDG/pILQ4nR8=",
       "dev": true
     },
+    "pseudomap": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/pseudomap/-/pseudomap-1.0.2.tgz",
+      "integrity": "sha1-8FKijacOYYkX7wqKw0wa5aaChrM=",
+      "dev": true
+    },
     "readable-stream": {
       "version": "2.3.3",
       "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.3.tgz",
       "integrity": "sha512-m+qzzcn7KUxEmd1gMbchF+Y2eIUbieUaxkWtptyHywrX0rE8QEYqPC07Vuy4Wm32/xE16NcdBctb8S0Xe/5IeQ==",
       "dev": true,
       "requires": {
         "core-util-is": "1.0.2",
         "inherits": "2.0.3",
@@ -1090,133 +1022,136 @@
       "integrity": "sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg==",
       "dev": true
     },
     "sax": {
       "version": "1.2.4",
       "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz",
       "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw=="
     },
+    "semver": {
+      "version": "5.4.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-5.4.1.tgz",
+      "integrity": "sha512-WfG/X9+oATh81XtllIo/I8gOiY9EXRdv1cQdyykeXK17YcUW3EXUAi2To4pcH6nZtJPr7ZOpM5OMyWJZm+8Rsg==",
+      "dev": true
+    },
+    "shebang-command": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-1.2.0.tgz",
+      "integrity": "sha1-RKrGW2lbAzmJaMOfNj/uXer98eo=",
+      "dev": true,
+      "requires": {
+        "shebang-regex": "1.0.0"
+      }
+    },
+    "shebang-regex": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz",
+      "integrity": "sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM=",
+      "dev": true
+    },
     "signal-exit": {
       "version": "3.0.2",
       "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.2.tgz",
       "integrity": "sha1-tf3AjxKH6hF4Yo5BXiUTK3NkbG0=",
       "dev": true
     },
     "slice-ansi": {
-      "version": "0.0.4",
-      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-0.0.4.tgz",
-      "integrity": "sha1-7b+JA/ZvfOL46v1s7tZeJkyDGzU=",
-      "dev": true
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-1.0.0.tgz",
+      "integrity": "sha512-POqxBK6Lb3q6s047D/XsDVNPnF9Dl8JSaqe9h9lURl0OdNqy/ujDrOiIHtsqXMGbWWTIomRzAMaTyawAU//Reg==",
+      "dev": true,
+      "requires": {
+        "is-fullwidth-code-point": "2.0.0"
+      }
     },
     "sprintf-js": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
       "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=",
       "dev": true
     },
     "string-width": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz",
       "integrity": "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw==",
       "dev": true,
       "requires": {
         "is-fullwidth-code-point": "2.0.0",
         "strip-ansi": "4.0.0"
-      },
-      "dependencies": {
-        "ansi-regex": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz",
-          "integrity": "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg=",
-          "dev": true
-        },
-        "strip-ansi": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz",
-          "integrity": "sha1-qEeQIusaw2iocTibY1JixQXuNo8=",
-          "dev": true,
-          "requires": {
-            "ansi-regex": "3.0.0"
-          }
-        }
       }
     },
     "string_decoder": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.0.3.tgz",
       "integrity": "sha512-4AH6Z5fzNNBcH+6XDMfA/BTt87skxqJlO0lAh3Dker5zThcAxG6mKz+iGu308UKoPPQ8Dcqx/4JhujzltRa+hQ==",
       "dev": true,
       "requires": {
         "safe-buffer": "5.1.1"
       }
     },
     "strip-ansi": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz",
-      "integrity": "sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=",
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz",
+      "integrity": "sha1-qEeQIusaw2iocTibY1JixQXuNo8=",
       "dev": true,
       "requires": {
-        "ansi-regex": "2.1.1"
+        "ansi-regex": "3.0.0"
+      },
+      "dependencies": {
+        "ansi-regex": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz",
+          "integrity": "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg=",
+          "dev": true
+        }
       }
     },
     "strip-json-comments": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz",
       "integrity": "sha1-PFMZQukIwml8DsNEhYwobHygpgo=",
       "dev": true
     },
     "supports-color": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz",
       "integrity": "sha1-U10EXOa2Nj+kARcIRimZXp3zJMc=",
       "dev": true
     },
     "table": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/table/-/table-4.0.1.tgz",
-      "integrity": "sha1-qBFsEz+sLGH0pCCrbN9cTWHw5DU=",
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/table/-/table-4.0.2.tgz",
+      "integrity": "sha512-UUkEAPdSGxtRpiV9ozJ5cMTtYiqz7Ni1OGqLXRCynrvzdtR1p+cfOWe2RJLwvUG8hNanaSRjecIqwOjqeatDsA==",
       "dev": true,
       "requires": {
-        "ajv": "4.11.8",
-        "ajv-keywords": "1.5.1",
-        "chalk": "1.1.3",
+        "ajv": "5.3.0",
+        "ajv-keywords": "2.1.0",
+        "chalk": "2.3.0",
         "lodash": "4.17.4",
-        "slice-ansi": "0.0.4",
+        "slice-ansi": "1.0.0",
         "string-width": "2.1.1"
-      },
-      "dependencies": {
-        "ajv": {
-          "version": "4.11.8",
-          "resolved": "https://registry.npmjs.org/ajv/-/ajv-4.11.8.tgz",
-          "integrity": "sha1-gv+wKynmYq5TvcIK8VlHcGc5xTY=",
-          "dev": true,
-          "requires": {
-            "co": "4.6.0",
-            "json-stable-stringify": "1.0.1"
-          }
-        }
       }
     },
     "text-table": {
       "version": "0.2.0",
       "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz",
       "integrity": "sha1-f17oI66AUgfACvLfSoTsP8+lcLQ=",
       "dev": true
     },
     "through": {
       "version": "2.3.8",
       "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz",
       "integrity": "sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU=",
       "dev": true
     },
     "tmp": {
-      "version": "0.0.31",
-      "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.0.31.tgz",
-      "integrity": "sha1-jzirlDjhcxXl29izZX6L+yd65Kc=",
+      "version": "0.0.33",
+      "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz",
+      "integrity": "sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw==",
       "dev": true,
       "requires": {
         "os-tmpdir": "1.0.2"
       }
     },
     "tryit": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/tryit/-/tryit-1.0.3.tgz",
@@ -1239,16 +1174,25 @@
       "dev": true
     },
     "util-deprecate": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
       "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=",
       "dev": true
     },
+    "which": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/which/-/which-1.3.0.tgz",
+      "integrity": "sha512-xcJpopdamTuY5duC/KnTTNBraPK54YwpenP4lzxU8H91GudWpFv38u0CKjclE1Wi2EH2EDz5LRcHcKbCIzqGyg==",
+      "dev": true,
+      "requires": {
+        "isexe": "2.0.0"
+      }
+    },
     "wordwrap": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz",
       "integrity": "sha1-J1hIEIkUVqQXHI0CJkQa3pDLyus=",
       "dev": true
     },
     "wrappy": {
       "version": "1.0.2",
@@ -1259,11 +1203,17 @@
     "write": {
       "version": "0.2.1",
       "resolved": "https://registry.npmjs.org/write/-/write-0.2.1.tgz",
       "integrity": "sha1-X8A4KOJkzqP+kUVUdvejxWbLB1c=",
       "dev": true,
       "requires": {
         "mkdirp": "0.5.1"
       }
+    },
+    "yallist": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz",
+      "integrity": "sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI=",
+      "dev": true
     }
   }
 }
--- a/tools/lint/eslint/eslint-plugin-mozilla/package.json
+++ b/tools/lint/eslint/eslint-plugin-mozilla/package.json
@@ -1,11 +1,11 @@
 {
   "name": "eslint-plugin-mozilla",
-  "version": "0.4.5",
+  "version": "0.4.6",
   "description": "A collection of rules that help enforce JavaScript coding standard in the Mozilla project.",
   "keywords": [
     "eslint",
     "eslintplugin",
     "eslint-plugin",
     "mozilla",
     "firefox"
   ],
@@ -19,18 +19,18 @@
   },
   "author": "Mike Ratcliffe",
   "main": "lib/index.js",
   "dependencies": {
     "ini-parser": "0.0.2",
     "sax": "1.2.4"
   },
   "devDependencies": {
-    "eslint": "4.2.0",
-    "mocha": "3.4.2"
+    "eslint": "4.9.0",
+    "mocha": "4.0.1"
   },
   "peerDependencies": {
     "eslint": "^3.0.0 || ^4.0.0",
     "eslint-plugin-no-unsanitized": "^2.0.1"
   },
   "engines": {
     "node": ">=6.9.1"
   },
new file mode 100644
--- /dev/null
+++ b/tools/lint/eslint/eslint-plugin-mozilla/tests/no-cpows-in-tests.js
@@ -0,0 +1,48 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+// ------------------------------------------------------------------------------
+// Requirements
+// ------------------------------------------------------------------------------
+
+var rule = require("../lib/rules/no-cpows-in-tests");
+var RuleTester = require("eslint/lib/testers/rule-tester");
+
+const ruleTester = new RuleTester({ parserOptions: { ecmaVersion: 6 } });
+
+// ------------------------------------------------------------------------------
+// Tests
+// ------------------------------------------------------------------------------
+
+function wrapCode(code, filename = "browser_fake.js") {
+  return {code, filename};
+}
+
+function invalidCode(code, item, type = "MemberExpression") {
+  let message = `${item} is a possible Cross Process Object Wrapper (CPOW).`;
+  let obj = wrapCode(code);
+  obj.errors = [{message, type}];
+  return obj;
+}
+
+ruleTester.run("no-cpows-in-tests", rule, {
+  valid: [
+    "window.document",
+    wrapCode("ContentTask.spawn(browser, null, () => { content.document; });"),
+    wrapCode("let x = cssDocs.tooltip.content.contentDocument;"),
+    wrapCode("function test(content) { let x = content; }"),
+    wrapCode('let content = "content"; foo(content);')
+  ],
+  invalid: [
+    invalidCode("let x = gBrowser.contentWindow;", "gBrowser.contentWindow"),
+    invalidCode("let x = gBrowser.contentDocument;", "gBrowser.contentDocument"),
+    invalidCode("let x = gBrowser.selectedBrowser.contentWindow;", "gBrowser.selectedBrowser.contentWindow"),
+    invalidCode("let x = browser.contentDocument;", "browser.contentDocument"),
+    invalidCode("let x = window.content;", "window.content"),
+    invalidCode("content.document;", "content.document"),
+    invalidCode("let x = content;", "content", "Identifier"),
+    invalidCode("let x = gBrowser.contentWindow.wrappedJSObject", "gBrowser.contentWindow")
+  ]
+});