# prefer-https
π Prefer HTTPS over HTTP.
πΌπ« This rule is enabled in the β
`recommended` [config](https://github.com/sindresorhus/eslint-plugin-unicorn#recommended-config). This rule is _disabled_ in the βοΈ `unopinionated` [config](https://github.com/sindresorhus/eslint-plugin-unicorn#recommended-config).
π§ This rule is automatically fixable by the [`--fix` CLI option](https://eslint.org/docs/latest/user-guide/command-line-interface#--fix).
Using HTTPS avoids sending URLs to public resources over an insecure protocol.
This rule checks source text, including strings, template literals, JSX, comments, and non-JavaScript files when they are linted with ESLint language plugins such as [`@eslint/css`](https://github.com/eslint/css), [`@eslint/json`](https://github.com/eslint/json), [`@eslint/markdown`](https://github.com/eslint/markdown), and [`html-eslint`](https://html-eslint.org).
URLs without a public-looking top-level domain are ignored. For example, `http://localhost`, `http://example`, and `http://127.0.0.1` are allowed.
Well-known XML namespace URIs are also ignored. These are opaque identifiers that happen to use the `http:` scheme (for example, SVG's `http://www.w3.org/2000/svg`); rewriting them to `https:` would break XML and DOM parsing.
## Examples
```js
// β
const url = 'http://sindresorhus.com';
// β
const url = 'https://sindresorhus.com';
```
```js
// β
// See http://sindresorhus.com
// β
// See https://sindresorhus.com
```
```jsx
// β
const element = http://sindresorhus.com;
// β
const element = https://sindresorhus.com;
```