I noticed this yesterday. Browsing senate.gov and associated domains with https everywhere shows a lot of broken pages. It's fun to peek around on <a href="https://republicans.senate.gov" rel="nofollow">https://republicans.senate.gov</a> and <a href="https://democrat.senate.gov" rel="nofollow">https://democrat.senate.gov</a> because they appear to be test versions of those pages. You can see a list of domains the wildcard does cover by looking at the error the browser provides and what not. Someone should probably fix this mess over there...