Lack of interest Use HTTPS instead of HTTP as fallback / default protocol

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.
K

Kirby

Well-known member
When XenForo renders a link with an unknown or missing protocol like [url]xenforo.com/community/forums/[/url] it does use http as fallback:

xenforo.com/community/forums/

Unencrypted communication is generally regarded insecure and deprecated by now so it might be a good idea to switch to HTTPS to protect user privacy.
 
Upvote 6
This suggestion has been closed. Votes are no longer accepted.
rdn said:
Not all websites support HTTPS (or even have https enabled), though.
Click to expand...
True. But that's why it's described as a fallback situation. If https fails, try http.

I agree with OPs point. Letsencrypt offers free certs. There's literally zero reason not to encrypt.
 
rdn said:
Not all websites support HTTPS (or even have https enabled), though.
Click to expand...
Yep. But a pretty large majority of websites do already and the number is increasing every year.

HTTP/2 basically requires TLS (as AFAIK no major browser did implement plain HTTP/2 due to it being backwards incompatible) and HTTP/3 has TLS baked into the protocol itself.

We might not be there yet, but at some point in the future the chance that there is only HTTP but not HTTPS might be pretty small vs. the risk of using an insecure sonnection.
 
Last edited:
Back
Top Bottom