I've been lurking for quite a while now and noticed that even though many of the sites linked support SSL connections, not many are posted as https.<p>In the comments too most people still post http. Ex: The Wikipedia links everyone seems to love.<p>Is this just because of old habits or do people use plugins that force https in the background?
I suspect the search engines (Google, Bing, DDG) could do a huge amount to combat this if they so wished.<p>Just check if the HTTP and HTTPS site returns near identical results (e.g. same title, response code, etc) then link to the HTTPS version by default.<p>A lot of links that get posted are directly taken (ultimately) from search engine results. Someone will search, view the page, then copy/paste it to others.
I suspect the problem is that http is still the default. If you type a url without a protocol into a browser, it goes to <a href="http://[url]" rel="nofollow">http://[url]</a><p>So unless the site in question is set up to redirect http requests to https, most links will be http.<p>I wonder if browsers should always try https first if no protocol is specified? But then as has been pointed out before on here, there's no guarantee that the http and https versions of the same url will have the same content.
I use HTTPS Everywhere, so even if links are posted as HTTP, I will be directed to HTTPS for sites that support it. It rewrites the URL browser side, so there's never an HTTP 426.<p><a href="https://www.eff.org/https-everywhere" rel="nofollow">https://www.eff.org/https-everywhere</a>
I don't care. SSL is probably good enough for a few pages that I want protected and I don't care about the rest. I haven't thought about it. If people express a strong preference either way I'll try to remember.