Use HTTPS instead of HTTP as fallback / default protocol

[Kirby]

When XenForo renders a link with an unknown or missing protocol like [url]xenforo.com/community/forums/[/url] it does use http as fallback:

xenforo.com/community/forums/

Unencrypted communication is generally regarded insecure and deprecated by now so it might be a good idea to switch to HTTPS to protect user privacy.

 

[rdn]

Not all websites support HTTPS (or even have https enabled), though.

 

[badmonkey]

Not all websites support HTTPS (or even have https enabled), though.

True. But that's why it's described as a fallback situation. If https fails, try http.

I agree with OPs point. Letsencrypt offers free certs. There's literally zero reason not to encrypt.

 

[Kirby]

Not all websites support HTTPS (or even have https enabled), though.

Yep. But a pretty large majority of websites do already and the number is increasing every year.

HTTP/2 basically requires TLS (as AFAIK no major browser did implement plain HTTP/2 due to it being backwards incompatible) and HTTP/3 has TLS baked into the protocol itself.

We might not be there yet, but at some point in the future the chance that there is only HTTP but not HTTPS might be pretty small vs. the risk of using an insecure sonnection.