Use https by default
Use https by default (i.e. if the user enters a URL without a protocol such as ) do not redirect https URLs such as  to http pages. For background, please see -
Thanks for your suggestion to improve the ORCID Registry. We have some progress to report on this.
We now have https as the default for the API and ORCID websites, and have updated all automatic emails and websites to include https links to ORCID pages.
With the release of API 2.1, the https formatted ORCID iD (e.g. https://orcid.org/0000-0001-2345-6789 ) is now the canonical format of the ORCID iD. We have updated all guidelines to reflect this, and encourage all to use https versions when displaying ORCID iDs in print and in metadata. For the 2.1/https announcement, see: https://orcid.org/blog/2017/11/16/announcing-api-21-orcid-ids-are-now-https
ORCID Community Team
Hello, ORCID Support Team members. The Trello link does not work. Could you please give an update on the status of this task?
I just signed up for an ORCID and the site sent me an email with an ORCID link:
>> The link to your public record is http://orcid.org/0000-<snip>
Since orcid.org has working TLS, you should adjust the email to include the https URL., eg, it should say:
>> The link to your public record is https://orcid.org/0000-<snip>
Also, some parts of your site do not have working TLS, for example, https://support.orcid.org produces invalid cert errors. It would be best to have the entire site protected by TLS.
Andy Mabbett commented
Use https by default (i.e. if the user enters a URL without a protocol such as ). Also, do not redirect https URLs such as  to http pages. Use https versions in documentation and examples, and on merchandise. For background, please see -