Use https by default
Use https by default (i.e. if the user enters a URL without a protocol such as ) do not redirect https URLs such as  to http pages. For background, please see -
Thanks for your suggestion to improve the ORCID Registry. We have some progress to report on this.
We now have https as the default for the API and ORCID websites, and are working to include only https links across all sites and automated emails.
We’ve also suggested that the https version of ORCID iDs be the encouraged display format in our iD display guidelines — see more at https://orcid.org/blog/2017/02/16/draft-display-guidelines-ids-articles-open-comment
ORCID Community Team
Hello, ORCID Support Team members. The Trello link does not work. Could you please give an update on the status of this task?
I just signed up for an ORCID and the site sent me an email with an ORCID link:
>> The link to your public record is http://orcid.org/0000-<snip>
Since orcid.org has working TLS, you should adjust the email to include the https URL., eg, it should say:
>> The link to your public record is https://orcid.org/0000-<snip>
Also, some parts of your site do not have working TLS, for example, https://support.orcid.org produces invalid cert errors. It would be best to have the entire site protected by TLS.
Andy Mabbett commented
Use https by default (i.e. if the user enters a URL without a protocol such as ). Also, do not redirect https URLs such as  to http pages. Use https versions in documentation and examples, and on merchandise. For background, please see -