I was also wrong to say that w3.org never redirects to HTTPS. If the browsers sends a Upgrade-Insecure-Requests HTTP-header, then it redirects. That allows it to support all browsers as securely as possible.

Sites like whynohttps.com and observatory.mozilla.org should really test for this pattern.