HTTPSWatch assigns every tracked site a rating approximating the quality of its HTTPS support. If a verified TLS connection cannot be established or no page can be loaded over TLS, the site is given the Bad rating. The Mediocre rating means a TLS connection can be established but there are quality issues with the site’s implementation of HTTPS (e.g. the HTTP site doesn’t redirect to HTTPS or the Strict-Transport-Security header isn’t set). If everything looks good, a Good rating is given.
+
Many of the sites that receive a Mediocre rating are only missing the HTTP Strict-Transport-Security header and have otherwise good HTTPS. The HSTS header is a vital component of helping visitors reach a website securely. Without HSTS, it is still possible for an attacker to intercept web traffic and prevent users from connecting over HTTPS. Thus, websites will not be rated Good unless they include HSTS.
Some sites which HTTPSWatch rates as Mediocre are actually unusable in a browser. This is mostly due to mixed content, which HTTPSWatch doesn’t always detect.