# prefer-https πŸ“ Prefer HTTPS over HTTP. πŸ’ΌπŸš« This rule is enabled in the βœ… `recommended` [config](https://github.com/sindresorhus/eslint-plugin-unicorn#recommended-config). This rule is _disabled_ in the β˜‘οΈ `unopinionated` [config](https://github.com/sindresorhus/eslint-plugin-unicorn#recommended-config). πŸ”§ This rule is automatically fixable by the [`--fix` CLI option](https://eslint.org/docs/latest/user-guide/command-line-interface#--fix). Using HTTPS avoids sending URLs to public resources over an insecure protocol. This rule checks source text, including strings, template literals, JSX, comments, and non-JavaScript files when they are linted with ESLint language plugins such as [`@eslint/css`](https://github.com/eslint/css), [`@eslint/json`](https://github.com/eslint/json), [`@eslint/markdown`](https://github.com/eslint/markdown), and [`html-eslint`](https://html-eslint.org). URLs without a public-looking top-level domain are ignored. For example, `http://localhost`, `http://example`, and `http://127.0.0.1` are allowed. Well-known XML namespace URIs are also ignored. These are opaque identifiers that happen to use the `http:` scheme (for example, SVG's `http://www.w3.org/2000/svg`); rewriting them to `https:` would break XML and DOM parsing. ## Examples ```js // ❌ const url = 'http://sindresorhus.com'; // βœ… const url = 'https://sindresorhus.com'; ``` ```js // ❌ // See http://sindresorhus.com // βœ… // See https://sindresorhus.com ``` ```jsx // ❌ const element = http://sindresorhus.com; // βœ… const element = https://sindresorhus.com; ```