publicdata/nih-gov
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nih-gov/www.ncbi.nlm.nih.gov/home/develop/https-guidance/index.html

775 lines
46 KiB
HTML
Raw Permalink Blame History

<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>HTTPS at NCBI: Guidance for Users</title>
<link rel="stylesheet" type="text/css" href="../../action-pgs.css"/>
<meta name="ncbi_app" content="guide4beta" />
<meta name="ncbi_pdid" content="content" />
<script type="text/javascript">
var ncbi_startTime = new Date();
</script>
<link media="only screen and (max-width: 905px)" rel="stylesheet" href="../../medium_screen.css" />
<link rel="stylesheet" type="text/css" href="../../components/normalize-css/normalize.css" />
<link rel="stylesheet" type="text/css" href="../../components/ncbi-standards/standard_base.css" />
<link rel="stylesheet" type="text/css" href="../../new_grid.css" />
<link rel="stylesheet" type="text/css" href="../../app.css" />
<link rel="stylesheet" type="text/css" href="../../components/ncbi-standards/hf/header.css" />
<link rel="stylesheet" type="text/css" href="../../homepage.css" />
<link rel="stylesheet" type="text/css" href="../../components/ncbi-standards/hf/footer.css" />
<link rel="stylesheet" type="text/css" href="../../check_youtube/check_youtube.css" />
<!-- for clear button on search input -->
<link rel="stylesheet" type="text/css" href="../../components/ncbi-standards/hf/clear.css" />
<script type="text/javascript" src="../../components/ncbi-standards/hf/clear.js"></script>
<!-- hp-971 - img for links to ncbi from social media sites -->
<link rel="image_src" href="//www.ncbi.nlm.nih.gov/corehtml/logo100.gif"/>
<!-- for popular resources list -->
<script type="text/javascript" src="/core/jig/1.15.2/js/jig.min.js"></script>
<!-- It is being included through /portal/portal3rc.fcgi/static/js/hfjs2.js -->
<style>
.top-nav {
display:block;
}
.top-nav li a { color:#000;}
.search_bar {
clear:both;
margin-top:1em;
}
html .ui-ncbimenu > li > a {color:#000;}
.top-nav li a:hover {color:#000;background:none;}
.top-nav li.popular-res-menu.selected > a {color:#000;background:none;}
.top-nav li a.expandDown {}
.top-nav .ui-ncbimenu li a.expandDown {background:none;padding-right:0;}
.ui-ncbibasicmenu li:last-child, .ui-ncbibasicmenu li:last-child a {
border-radius: 0;
}
.nopadding {padding:0;}
</style>
<script>
jQuery(document).ready(function(){
jQuery('.arrow-down').click(function(){jQuery('.popular-res-menu .expandDown').trigger('click');})
jQuery('.top-nav ul.jig-ncbimenu li:not(.popular-res-menu)').addClass('no-submenu');
});
</script>
<!-- end for popular resources list -->
<!-- for HP-886 -->
<script>
(function($){
$(function(){
var $dbList = $('.search_bar form select:first-child'),
$btn = $('.search_bar form button[name="Search"]'),
$input = $('#search');
console.info($btn);
$btn.on('click', function(evt){
var db = $dbList.val(), searchTerm = $input.val();
if ( db != '' && searchTerm != '') {
window.location.href = 'https://www.ncbi.nlm.nih.gov/'+ db + '/?term=' + searchTerm
} else if (db !== '' && searchTerm === '') {
window.location.href = 'https://www.ncbi.nlm.nih.gov/'+ db + '/';
}
else {
$input.focus();
}
return false;
});
});
})(jQuery);
</script>
<!-- end for HP-886 -->
<style type="text/css">
#maincontent ul { list-style-type: disc; }
.right { clear: right; }
.button {
display: inline-block;
text-align: center;
vertical-align: middle;
padding: 12px 24px;
border: 1px solid #a12727;
border-radius: 8px;
background: #985835;
background: -webkit-gradient(linear, left top, left bottom, from(#985835), to(#9e6a51));
background: -moz-linear-gradient(top, #985835, #9e6a51);
background: linear-gradient(to bottom, #985835, #9e6a51);
-webkit-box-shadow: #a8a8a8 -3px 4px 19px 0px;
-moz-box-shadow: #a8a8a8 -3px 4px 19px 0px;
box-shadow: #a8a8a8 -3px 4px 19px 0px;
text-shadow: #591717 1px 1px 1px;
font: normal normal bold 20px arial;
color: #fff9f5;
text-decoration: none;
}
.button:hover,
.button:focus {
background: #b66a40;
background: -webkit-gradient(linear, left top, left bottom, from(#b66a40), to(#be7f61));
background: -moz-linear-gradient(top, #b66a40, #be7f61);
background: linear-gradient(to bottom, #b66a40, #be7f61);
color: #fff9f5;
text-decoration: none;
}
.button:active {
background: #5b3520;
background: -webkit-gradient(linear, left top, left bottom, from(#5b3520), to(#9e6a51));
background: -moz-linear-gradient(top, #5b3520, #9e6a51);
background: linear-gradient(to bottom, #5b3520, #9e6a51);
}
.button:after{
content: "\0000a0";
display: inline-block;
height: 24px;
width: 24px;
line-height: 24px;
margin: 0 -4px -6px 4px;
position: relative;
top: 0px;
left: 10px;
background: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAAApUlEQVRIic3WoQ1CQRBF0ROCQiAQPygkEk0RaAqggK9pgAIoAEkFFPA1JSBRKAQCQQhZDKsxvIRJrt2bzO7MW2iwx0SoGrxwwxqDlKB8OGGRFFQOmCYFBXdsMEwJKmcsk4JKh1lSUPDAFqOUoHLBCr2UoHLEPCkoeGKHcUpQuaJFvx7+tX+/qL9vUeySY880Omid0KqILbvouo4FTiwyo6Ef+7a8ATHt32B8iq9qAAAAAElFTkSuQmCC") no-repeat left center transparent;
background-size: 100% 100%;
}
button.right { margin-bottom: 1em; }
button.button:focus { outline: none; }
</style>
</head>
<body>
<div class="grid">
<header id="page_header" role="banner" data-section="header">
<link type="text/css" rel="stylesheet" href="../../legacy/page.css"/>
<link type="text/css" rel="stylesheet" href="../../about/override.css"/>
<div xmlns="http://www.w3.org/1999/xhtml" id="universal_header" xml:base="http://127.0.0.1/sites/static/header_footer/">
<section class="usa-banner">
<div class="usa-accordion">
<header class="usa-banner-header">
<div class="usa-grid usa-banner-inner">
<img src="https://www.ncbi.nlm.nih.gov/coreutils/uswds/img/favicons/favicon-57.png" alt="U.S. flag" />
<p>An official website of the United States government</p>
<button class="non-usa-accordion-button usa-banner-button" aria-expanded="false" aria-controls="gov-banner-top" type="button">
<span class="usa-banner-button-text">Here's how you know</span>
</button>
</div>
</header>
<div class="usa-banner-content usa-grid usa-accordion-content" id="gov-banner-top" aria-hidden="true">
<div class="usa-banner-guidance-gov usa-width-one-half">
<img class="usa-banner-icon usa-media_block-img" src="https://www.ncbi.nlm.nih.gov/coreutils/uswds/img/icon-dot-gov.svg" alt="Dot gov" />
<div class="usa-media_block-body">
<p>
<strong>The .gov means it's official.</strong>
<br />
Federal government websites often end in .gov or .mil. Before
sharing sensitive information, make sure you're on a federal
government site.
</p>
</div>
</div>
<div class="usa-banner-guidance-ssl usa-width-one-half">
<img class="usa-banner-icon usa-media_block-img" src="https://www.ncbi.nlm.nih.gov/coreutils/uswds/img/icon-https.svg" alt="Https" />
<div class="usa-media_block-body">
<p>
<strong>The site is secure.</strong>
<br />
The <strong>https://</strong> ensures that you are connecting to the
official website and that any information you provide is encrypted
and transmitted securely.
</p>
</div>
</div>
</div>
</div>
</section>
<div class="usa-overlay"></div>
<header class="ncbi-header" role="banner" data-section="Header">
<div class="usa-grid">
<div class="usa-width-one-whole">
<div class="ncbi-header__logo">
<a href="/" class="logo" aria-label="NCBI Logo" data-ga-action="click_image" data-ga-label="NIH NLM Logo">
<img src="https://www.ncbi.nlm.nih.gov/coreutils/nwds/img/logos/AgencyLogo.svg" alt="NIH NLM Logo" />
</a>
</div>
<div class="ncbi-header__account">
<a id="account_login" href="https://account.ncbi.nlm.nih.gov" class="usa-button header-button" style="display:none" data-ga-action="open_menu" data-ga-label="account_menu">Log in</a>
<button id="account_info" class="header-button" style="display:none" aria-controls="account_popup" type="button">
<span class="fa fa-user" aria-hidden="true">
<svg xmlns="http://www.w3.org/2000/svg" viewbox="0 0 24 24" width="20px" height="20px">
<g style="fill: #fff">
<ellipse cx="12" cy="8" rx="5" ry="6"></ellipse>
<path d="M21.8,19.1c-0.9-1.8-2.6-3.3-4.8-4.2c-0.6-0.2-1.3-0.2-1.8,0.1c-1,0.6-2,0.9-3.2,0.9s-2.2-0.3-3.2-0.9 C8.3,14.8,7.6,14.7,7,15c-2.2,0.9-3.9,2.4-4.8,4.2C1.5,20.5,2.6,22,4.1,22h15.8C21.4,22,22.5,20.5,21.8,19.1z"></path>
</g>
</svg>
</span>
<span class="username desktop-only" aria-hidden="true" id="uname_short"></span>
<span class="sr-only">Show account info</span>
</button>
</div>
<div class="ncbi-popup-anchor">
<div class="ncbi-popup account-popup" id="account_popup" aria-hidden="true">
<div class="ncbi-popup-head">
<button class="ncbi-close-button" data-ga-action="close_menu" data-ga-label="account_menu" type="button">
<span class="fa fa-times">
<svg xmlns="http://www.w3.org/2000/svg" viewbox="0 0 48 48" width="24px" height="24px">
<path d="M38 12.83l-2.83-2.83-11.17 11.17-11.17-11.17-2.83 2.83 11.17 11.17-11.17 11.17 2.83 2.83 11.17-11.17 11.17 11.17 2.83-2.83-11.17-11.17z"></path>
</svg>
</span>
<span class="usa-sr-only">Close</span></button>
<h4>Account</h4>
</div>
<div class="account-user-info">
Logged in as:<br />
<b><span class="username" id="uname_long">username</span></b>
</div>
<div class="account-links">
<ul class="usa-unstyled-list">
<li><a id="account_myncbi" href="/myncbi/" class="set-base-url" data-ga-action="click_menu_item" data-ga-label="account_myncbi">Dashboard</a></li>
<li><a id="account_pubs" href="/myncbi/collections/bibliography/" class="set-base-url" data-ga-action="click_menu_item" data-ga-label="account_pubs">Publications</a></li>
<li><a id="account_settings" href="/account/settings/" class="set-base-url" data-ga-action="click_menu_item" data-ga-label="account_settings">Account settings</a></li>
<li><a id="account_logout" href="/account/signout/" class="set-base-url" data-ga-action="click_menu_item" data-ga-label="account_logout">Log out</a></li>
</ul>
</div>
</div>
</div>
</div>
</div>
</header>
<div role="navigation" aria-label="access keys">
<a id="nws_header_accesskey_0" href="https://www.ncbi.nlm.nih.gov/guide/browsers/#ncbi_accesskeys" class="usa-sr-only" accesskey="0" tabindex="-1">Access keys</a>
<a id="nws_header_accesskey_1" href="https://www.ncbi.nlm.nih.gov" class="usa-sr-only" accesskey="1" tabindex="-1">NCBI Homepage</a>
<a id="nws_header_accesskey_2" href="/myncbi/" class="set-base-url usa-sr-only" accesskey="2" tabindex="-1">MyNCBI Homepage</a>
<a id="nws_header_accesskey_3" href="#maincontent" class="usa-sr-only" accesskey="3" tabindex="-1">Main Content</a>
<a id="nws_header_accesskey_4" href="#" class="usa-sr-only" accesskey="4" tabindex="-1">Main Navigation</a>
</div>
<section data-section="Alerts">
<div class="ncbi-alerts-placeholder"></div>
</section>
</div>
<!-- gray header - nav & search -->
<div class="bg-gray header-div">
<nav class="top-nav" id="navcontent" role="navigation">
<ul class="inline_list black_text category_bar jig-ncbimenu">
<li><a href="/" class="uppercase">ncbi home</a></li>
<li><a href="../../literature/" class="uppercase">literature</a></li>
<li><a href="../../health/" class="uppercase">health</a></li>
<li><a href="../../genomes/" class="uppercase">genomes</a></li>
<li><a href="../../genes/" class="uppercase">genes</a></li>
<li><a href="../../proteins/" class="uppercase">proteins</a></li>
<li><a href="../../chemicals/" class="uppercase">chemicals</a></li>
<li class="popular-res-menu">
<a href="#" class="uppercase">popular resources &#x25BC;</a>
<ul>
<li><a href="/pubmed/">PubMed</a></li>
<li><a href="/books/">Bookshelf</a></li>
<li><a href="/pmc/">PubMed Central</a></li>
<li><a href="https://blast.ncbi.nlm.nih.gov">BLAST</a></li>
<li><a href="/nucleotide/">Nucleotide</a></li>
<li><a href="/genome/">Genome</a></li>
<li><a href="/snp/">SNP</a></li>
<li><a href="/gene">Gene</a></li>
<li><a href="/protein/">Protein</a></li>
<li><a href="https://pubchem.ncbi.nlm.nih.gov">PubChem</a></li>
</ul>
</li>
</ul>
</nav>
<div class="search_bar">
<form action="/search" method="get" role="search">
<select id="database">
<!-- <optgroup label="Recent"><option value="gquery" selected="selected" class="last">All Databases</option></optgroup> -->
<optgroup>
<option value="gquery">All Databases</option>
<option value="assembly">Assembly</option>
<option value="biocollections">Biocollections</option>
<option value="bioproject">BioProject</option>
<option value="biosample">BioSample</option>
<option value="biosystems">BioSystems</option>
<option value="books">Books</option>
<option value="clinvar">ClinVar</option>
<option value="cdd">Conserved Domains</option>
<option value="gap">dbGaP</option>
<option value="dbvar">dbVar</option>
<option value="gene">Gene</option>
<option value="genome">Genome</option>
<option value="gds">GEO DataSets</option>
<option value="geoprofiles">GEO Profiles</option>
<option value="homologene">HomoloGene</option>
<option value="ipg">Identical Protein Groups</option>
<option value="medgen">MedGen</option>
<option value="mesh">MeSH</option>
<option value="ncbisearch">NCBI Web Site</option>
<option value="nlmcatalog">NLM Catalog</option>
<option value="nuccore">Nucleotide</option>
<option value="omim">OMIM</option>
<option value="pmc">PMC</option>
<option value="popset">PopSet</option>
<option value="protein">Protein</option>
<option value="proteinclusters">Protein Clusters</option>
<option value="pcassay">PubChem BioAssay</option>
<option value="pccompound">PubChem Compound</option>
<option value="pcsubstance">PubChem Substance</option>
<option value="pubmed">PubMed</option>
<option value="snp">SNP</option>
<option value="sra">SRA</option>
<option value="structure">Structure</option>
<option value="taxonomy">Taxonomy</option>
<option value="toolkit">ToolKit</option>
<option value="toolkitall">ToolKitAll</option>
<option value="toolkitbook">ToolKitBook</option>
</optgroup>
</select>
<label class="offscreen_noflow left" for="search">Search NCBI</label>
<div class="searchbar_wrap">
<input id="search" type="search" name="term" placeholder="Search NCBI" class="search-box" autocapitalize="off" autocorrect="off" autocomplete="off"/>
<a id="clear" href="#" style="display:none">
<img src="../../components/ncbi-standards/hf/clear.png" alt="Clear input" width="14" height="14" />
</a>
</div>
<button name="Search"><img class="icon-small" src="../../images/icons/search-white.svg" aria-hidden="true" aria-hidden="true" alt="" />
<span class="icon-fallback-text">Search Icon</span>&nbsp; Search</button>
</form>
</div>
</div>
</header>
<div id="maincontent" class="action_page">
<h1 class="gray-border large_h1">HTTPS at NCBI: Guidance for Users</h1>
<div class="right">
<a href="../../bulletins/downloads/"><button class="button right">Download HTTPS-ready software</button></a>
<iframe class="right" title="HTTPS - Changes to NCBI Web Protocols" width="560" height="315" style="margin-left: 1em" src="https://www.youtube.com/embed/Cl1ftn2Cuco" frameborder="0" allowfullscreen></iframe>
</div>
<div class="wiki-content">
<h2 id="Whatishappening?">What is happening?</h2>
<p>To improve security and privacy, and <a
href="https://www.whitehouse.gov/blog/2015/06/08/https-everywhere-government"
class="external-link" rel="nofollow"
>by Federal government mandate</a>, NCBI moved its Web sites to <a
href="https://https.cio.gov/" class="external-link" rel="nofollow"
>HTTPS only</a> by September 30, 2016.</p>
<p>To give software vendors time to respond, that deadline was extended for users of NCBI Web APIs to <strong>November 9, 2016</strong>.</p>
<p>This document is retained for historical and informational purposes. Advice appearing on this page about HTTPS compliance remains valid.</p>
<p><strong>If you use NCBI only through a Web browser</strong> (like Safari, Firefox, Chrome, Internet Explorer, Opera, etc.), <strong>this document is not of interest to you.</strong> The only change you should notice after the deadline is that a green lock icon should appear inside the box, and the web addresses of the NCBI pages you visit will start with <code>https://</code>.</p>
<p>
<strong>If you maintain software that uses NCBI APIs or accesses NCBI servers through the Web, you should understand and act before the deadline to ensure uninterrupted service.</strong>
</p>
<p>NCBI Web services include APIs such as <a href="https://www.ncbi.nlm.nih.gov/books/NBK25501/"
class="external-link" rel="nofollow">NCBI eutilities</a> and <a
href="https://blast.ncbi.nlm.nih.gov/Blast.cgi?CMD=Web&amp;PAGE_TYPE=BlastDocs&amp;DOC_TYPE=DeveloperInfo"
class="external-link" rel="nofollow"
>BLAST URLAPI</a> that client applications use to access NCBI data. A number of them (though not a comprehensive set) are listed on or linked from our <a
href="../../develop/api/" class="external-link" rel="nofollow"
>APIs page</a>.</p>
<p>Applications that access NCBI web servers using <code>http://</code> URLs, instead of <code>https://</code> URLs, may fail partially or completely after NCBI switches to HTTPS-only.</p>
<p>This document explains our transition plan, and provides guidance to developers about how to update their applications (scripts, server-side applications like CGIs, browser plugins, etc.), before the switchover, to prevent failure.</p>
<h2 id="NCBIismovingallwebservicestoHTTPS"
>NCBI is moving all web services to HTTPS</h2>
<p>
<span>The HTTP protocol does not provide encryption, so anyone who can see web traffic between a client (for example, a web browser) and a server can intercept potentially sensitive information, and/or inject malware into users' browsers or operating systems. HTTPS solves this problem. It works just like HTTP, except that traffic is encrypted in both directions, so observers between the client and the server can't intercept or tamper with the requests or responses. It also provides authentication, ensuring that the client is communicating with the intended server given by the hostname, and not some impostor. </span>
</p>
<p>
The Federal Office of Management and Budget requires all Federal Web sites to switch to HTTPS-only (meaning, HTTP will be disabled) by December 31, 2016. However, NCBI, being a part of the National Library of Medicine, had an earlier deadline of September 30, 2016.
</p>
<p>
All public-facing web pages at NCBI now operate exclusively over https. To give software vendors and their customers more time to update their software, NCBI extended the deadline for
web service https compliance to November 9, 2016.
</p>
<h2 id="Updateyourapplicationsassoonaspossible"
>Update your applications as soon as possible
</h2>
<p>NCBI Web resources are all available now on HTTPS, so you can update your software immediately. </p>
<p>
<span>To ensure that your applications work before and after the switchover, update them so that URLs for all requests to NCBI servers start with <code>https:</code> instead of <code>http:</code>. For example, if your application searches PubMed using <a
href="http://eutils.ncbi.nlm.nih.gov/entrez/eutils/esearch.fcgi"
class="external-link" rel="nofollow"
><strong>http:</strong>//eutils.ncbi.nlm.nih.gov/entrez/eutils/esearch.fcgi</a>, update it to use <a
href="https://eutils.ncbi.nlm.nih.gov/entrez/eutils/esearch.fcgi"
class="external-link" rel="nofollow"
><strong>https:</strong>//eutils.ncbi.nlm.nih.gov/entrez/eutils/esearch.fcgi</a> instead. Please report any problems you encounter to <a
href="mailto:info@ncbi.nlm.nih.gov" rel="nofollow">info@ncbi.nlm.nih.gov</a>.</span>
</p>
<p>
<span>Many script authors access NCBI services using third-party libraries like biojava, bioperl, biopython, bioruby, etc. In these cases, you may be able to update your application by simply updating the library you use to the most recent version. The table below provides information on versions of libraries we know about that already use HTTPS to interact with NCBI servers.</span>
</p>
<div class="table-wrap">
<table class="jig-ncbigrid">
<thead>
<tr >
<th data-column="d">
<div>Library</div>
</th>
<th data-column="1">
<div>Uses HTTPS for NCBI services?</div>
</th>
<th data-column="2">
<div>Compliant Version</div>
</th>
</tr>
</thead>
<tbody>
<tr>
<td>BioJava</td>
<td>Yes</td>
<td>
<p><a href="https://github.com/biojava/biojava-legacy" class="external-link"
rel="nofollow">biojava-legacy</a> 1.9.3<br><a
href="https://github.com/biojava/biojava" class="external-link"
rel="nofollow">biojava</a> 4.2.4</p>
</td>
</tr>
<tr>
<td>BioPerl</td>
<td>Yes</td>
<td><a href="https://metacpan.org/release/BioPerl">BioPerl 1.7</a> (<a href="https://github.com/bioperl/bioperl-live/pull/185"
class="external-link" rel="nofollow">pull request)</a></td>
</tr>
<tr>
<td>Biopython</td>
<td>Yes</td>
<td><a href="http://biopython.org/wiki/Download" class="external-link"
rel="nofollow">Biopython 1.67</a> (<a
href="https://raw.githubusercontent.com/biopython/biopython/master/NEWS"
class="external-link" rel="nofollow">release notes</a>)</td>
</tr>
<tr>
<td>BioRuby</td>
<td>Yes</td>
<td>
<a href="http://bioruby.org/archive/bioruby-1.5.1.tar.gz" class="external-link" rel="nofollow">BioRuby 1.5.1</a>
(<a href="https://github.com/bioruby/bioruby/issues/110" class="external-link" rel="nofollow">github issue</a>,)
(<a href="http://bioruby.org/rdoc/RELEASE_NOTES_rdoc.html" class="external-link" rel="nofollow">release notes</a>)
</td>
</tr>
<tr>
<td>biogo</td>
<td>Yes</td>
<td>
<a href="https://github.com/biogo/ncbi" class="external-link" rel="nofollow"
>most recent HEAD revision of master branch</a>
(<a href="https://github.com/biogo/ncbi/issues/3" class="external-link" rel="nofollow">github issue</a>)
</td>
</tr>
<tr>
<td>reutils (R)</td>
<td>Yes</td>
<td>0.2.3, see <a href="https://github.com/gschofl/reutils">https://github.com/gschofl/reutils</a>
(<a href="https://github.com/gschofl/reutils/issues/7">github issue</a>)</td>
</tr>
</tbody>
</table>
</div>
<p>
<span>Once you have updated and tested your application, it will continue to work as before, and no other action is required. This is the best option for scripts, CGIs, and other Web client software for which you have the source code and the ability to update it and deploy a new release before the deadline.</span>
</p>
<h2>After November 9, 2016, NCBI HTTP servers will redirect or reject all HTTP requests.</h2>
<p>All interactive web traffic to NCBI servers has been successfully moved to HTTPS. After the switchover date, November 9, 2016, requests to web services such as eutilities and BLAST URLAPI will also begin redirecting http requests to https.
</p>
<p>
<span>If you do not update your application before the switchover date, these redirects from NCBI HTTP servers <em>may</em> buy you time to make the updates later.</span>
</p>
<p>After November 9, 2016, all traffic from NCBI HTTP servers, including Web services, will:</p>
<ol>
<li>respond with a server-side redirect (<code>HTTP 301 Moved permanently</code>) to the corresponding URL on HTTPS, <em>only</em> for <code>HTTP GET</code> and <code>HEAD</code> requests;
<li>respond with <code>HTTP 403 Forbidden </code>and an error message, to all requests other than <code>GET</code> and <code>HEAD</code> (including and especially <code>HTTP POST</code>);
<li>include in every HTTPS response an <a
href="https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet"
class="external-link" rel="nofollow">HTTP Strict Transport Security</a> (HSTS) header, which instructs browsers to automatically communicate thereafter only with HTTPS on that domain. (HSTS applies only to browsers, though other Web clients like scripts are free to implement it.) The HSTS header has a 1-year expiration date.
<li>include in every HTTPS response the header <code>Content-Security-Policy: upgrade-insecure-requests</code>, which causes most browsers to automatically upgrade
<code>http://</code> links to <code>https://</code>, automatically avoiding most mixed content problems.
</ol>
<p>
After switchover, the HTTP redirects will remain in place for an as-yet undetermined period, but at least until the Federal deadline of December 31, 2016.
</p>
<h2>After switchover, applications that access NCBI APIs using HTTP may fail</h2>
<p>After the switchover date, applications that still try to access NCBI via HTTP (i.e., on port 80) may fail for a few possible reasons:</p>
<ol>
<li><em>Your programming environment's HTTP facility does not automatically follow redirects from HTTP to HTTPS.</em> Some libraries follow redirections from HTTP to HTTPS; others do not. Java's <code>URLConnection</code>, for example, <a
href="http://docs.oracle.com/javase/6/docs/technotes/guides/deployment/deployment-guide/upgrade-guide/article-17.html"
class="external-link" rel="nofollow"
>does not automatically follow HTTP-to-HTTPS redirects by design</a>, even for safe methods like <code>GET</code> and <code>HEAD</code>.
<li><em>Your application uses HTTP verbs other than GET and HEAD. </em>All other HTTP requests (including especially <code>POST</code> and <code>PUT</code> requests) to HTTP URLs at NCBI will fail unconditionally (with <code>HTTP 403 Forbidden)</code> after the switchover date.
<li><em>Your application access NCBI resources through a proxy.</em> Some organizations use proxy servers to access the NCBI web site. These proxy servers must communicate with NCBI using https, which means they need valid certificates. If your application access NCBI through a proxy, check with the proxy vendor about https support and how to add or update certificates.
<li>
<em>Your programming environment does not support HTTPS.</em>
</ol>
<p>In any of these cases, if the application does not work with https, the only solution is to update your all NCBI URLs to use HTTPS exclusively.</p>
<h2 id="exeptions">Some requests will be temporarily exempt from redirection</h2>
<p>
For various technical reasons, certain requests will be temporarily exempt from redirection.
Once the underlying technical issue is resolved, the exemption will be lifted, and redirection will
begin without further public warning.
</p>
<p>
The following http requests will be temporarily exempt from redirection:
</p>
<ul>
<li>Requests with request-uri matching the regular expression <code>\.(xsd|xml|dtd|ent)$</code>
<li>Requests to the hosts <code>dtd.nlm.nih.gov</code> and <code>jats.nlm.nih.gov</code>
</ul>
<h2 id="redirects">Redirects will be maintained indefinitely</h2>
<p>All public NCBI servers are already enabled for HTTPS, so you can update your application to use HTTPS now, and test it on our live servers. Once you have updated to HTTPS, no further action is required. Please send questions or report problems to <a
href="mailto:info@ncbi.nlm.nih.gov" class="external-link" rel="nofollow"
>info@ncbi.nlm.nih.gov</a>.</p>
<p>In keeping with current US Federal Government policy, NCBI
intends to maintain these redirects on public servers
indefinitely. Nevertheless, it is to your advantage to update you
applications to use https only as soon as possible, both for
performance and security reasons.</p>
<h2 id="referrers">About Referrers</h2>
<p>
A "referrer" is an HTTP header, <code>HTTP_REFERER</code> [sic],
that contains the address of the webpage that linked to the page
being retrieved. Some websites analyze referrers to better
understand their incoming web traffic; for example, to find out
what percentage of their traffic comes from a particular search
engine. But third-party websites can also use referrer information
to discover information about individual users,
such as their search terms and the pages they have visited.
</p>
<p>
Because of this privacy concern, NCBI's website tells web
browsers to limit the referrer to just the scheme and domain
name (e.g., https://www.ncbi.nlm.nih.gov), and to omit the
request URI and query string. This limitation is enforced
by the <code>Referrer-Policy</code> HTTP header and the
<code>&lt;meta name="referrer"&gt;</code> meta tag. Limiting the
referrer to just the scheme and domain name
balances the user's right to privacy with website
owners' need to understand their web traffic. See
<a href="https://moz.com/blog/meta-referrer-tag">The Meta
Referrer Tag: An Advancement for SEO and the Internet</a>
for a detailed description of the problem and the solution.
<p>
This policy follows official cio.gov guidance on referrers;
see <a href="http://bit.ly/gov-https-referrer">http://bit.ly/gov-https-referrer</a>
for details.
</p>
<h2 id="more">For more information</h2>
<p>For more on the US Federal government HTTPS-only initiative, see <a
href="https://https.cio.gov" class="external-link" rel="nofollow"
>https://https.cio.gov</a>.</p>
<p>For questions, comments, or problems, contact the NCBI service desk at <a
href="mailto:info@ncbi.nlm.nih.gov" class="external-link" rel="nofollow"
>info@ncbi.nlm.nih.gov</a>.</p>
<p> </p>
<p> </p>
</div>
</div>
<footer data-section="footer">
<div xmlns="http://www.w3.org/1999/xhtml" class="footer" id="footer" xml:base="http://127.0.0.1/sites/static/header_footer/">
<section class="icon-section">
<div id="icon-section-header" class="icon-section_header">Follow NCBI</div>
<div class="grid-container container">
<div class="icon-section_container">
<a class="footer-icon" id="footer_twitter" href="https://twitter.com/ncbi" aria-label="Twitter">
<svg xmlns="http://www.w3.org/2000/svg" width="40" height="40" viewbox="0 0 40 40" fill="none">
<title>Twitter</title>
<g id="twitterx1008">
<path id="path1008" d="M6.06736 7L16.8778 20.8991L6.00001 32.2H10.2L18.6 23.1L25.668 32.2H34L22.8 17.5L31.9 7H28.4L20.7 15.4L14.401 7H6.06898H6.06736ZM9.66753 8.73423H12.9327L29.7327 30.4658H26.5697L9.66753 8.73423Z" fill="#5B616B"></path>
</g>
</svg>
</a>
<a class="footer-icon" id="footer_facebook" href="https://www.facebook.com/ncbi.nlm" aria-label="Facebook"><svg xmlns="http://www.w3.org/2000/svg" data-name="Layer 1" viewbox="0 0 300 300">
<title>Facebook</title>
<path class="cls-11" d="M210.5,115.12H171.74V97.82c0-8.14,5.39-10,9.19-10h27.14V52l-39.32-.12c-35.66,0-42.42,26.68-42.42,43.77v19.48H99.09v36.32h27.24v109h45.41v-109h35Z">
</path>
</svg></a>
<a class="footer-icon" id="footer_linkedin" href="https://www.linkedin.com/company/ncbinlm" aria-label="LinkedIn"><svg xmlns="http://www.w3.org/2000/svg" data-name="Layer 1" viewbox="0 0 300 300">
<title>LinkedIn</title>
<path class="cls-11" d="M101.64,243.37H57.79v-114h43.85Zm-22-131.54h-.26c-13.25,0-21.82-10.36-21.82-21.76,0-11.65,8.84-21.15,22.33-21.15S101.7,78.72,102,90.38C102,101.77,93.4,111.83,79.63,111.83Zm100.93,52.61A17.54,17.54,0,0,0,163,182v61.39H119.18s.51-105.23,0-114H163v13a54.33,54.33,0,0,1,34.54-12.66c26,0,44.39,18.8,44.39,55.29v58.35H198.1V182A17.54,17.54,0,0,0,180.56,164.44Z">
</path>
</svg></a>
<a class="footer-icon" id="footer_github" href="https://github.com/ncbi" aria-label="GitHub"><svg xmlns="http://www.w3.org/2000/svg" data-name="Layer 1" viewbox="0 0 300 300">
<defs>
<style>
.cls-11,
.cls-12 {
fill: #737373;
}
.cls-11 {
fill-rule: evenodd;
}
</style>
</defs>
<title>GitHub</title>
<path class="cls-11" d="M151.36,47.28a105.76,105.76,0,0,0-33.43,206.1c5.28,1,7.22-2.3,7.22-5.09,0-2.52-.09-10.85-.14-19.69-29.42,6.4-35.63-12.48-35.63-12.48-4.81-12.22-11.74-15.47-11.74-15.47-9.59-6.56.73-6.43.73-6.43,10.61.75,16.21,10.9,16.21,10.9,9.43,16.17,24.73,11.49,30.77,8.79,1-6.83,3.69-11.5,6.71-14.14C108.57,197.1,83.88,188,83.88,147.51a40.92,40.92,0,0,1,10.9-28.39c-1.1-2.66-4.72-13.42,1-28,0,0,8.88-2.84,29.09,10.84a100.26,100.26,0,0,1,53,0C198,88.3,206.9,91.14,206.9,91.14c5.76,14.56,2.14,25.32,1,28a40.87,40.87,0,0,1,10.89,28.39c0,40.62-24.74,49.56-48.29,52.18,3.79,3.28,7.17,9.71,7.17,19.58,0,14.15-.12,25.54-.12,29,0,2.82,1.9,6.11,7.26,5.07A105.76,105.76,0,0,0,151.36,47.28Z">
</path>
<path class="cls-12" d="M85.66,199.12c-.23.52-1.06.68-1.81.32s-1.2-1.06-.95-1.59,1.06-.69,1.82-.33,1.21,1.07.94,1.6Zm-1.3-1">
</path>
<path class="cls-12" d="M90,203.89c-.51.47-1.49.25-2.16-.49a1.61,1.61,0,0,1-.31-2.19c.52-.47,1.47-.25,2.17.49s.82,1.72.3,2.19Zm-1-1.08">
</path>
<path class="cls-12" d="M94.12,210c-.65.46-1.71,0-2.37-.91s-.64-2.07,0-2.52,1.7,0,2.36.89.65,2.08,0,2.54Zm0,0"></path>
<path class="cls-12" d="M99.83,215.87c-.58.64-1.82.47-2.72-.41s-1.18-2.06-.6-2.7,1.83-.46,2.74.41,1.2,2.07.58,2.7Zm0,0">
</path>
<path class="cls-12" d="M107.71,219.29c-.26.82-1.45,1.2-2.64.85s-2-1.34-1.74-2.17,1.44-1.23,2.65-.85,2,1.32,1.73,2.17Zm0,0">
</path>
<path class="cls-12" d="M116.36,219.92c0,.87-1,1.59-2.24,1.61s-2.29-.68-2.3-1.54,1-1.59,2.26-1.61,2.28.67,2.28,1.54Zm0,0">
</path>
<path class="cls-12" d="M124.42,218.55c.15.85-.73,1.72-2,1.95s-2.37-.3-2.52-1.14.73-1.75,2-2,2.37.29,2.53,1.16Zm0,0"></path>
</svg></a>
<a class="footer-icon" id="footer_blog" href="https://ncbiinsights.ncbi.nlm.nih.gov/" aria-label="Blog">
<svg xmlns="http://www.w3.org/2000/svg" id="Layer_1" data-name="Layer 1" viewbox="0 0 40 40">
<defs><style>.cls-1{fill:#737373;}</style></defs>
<title>NCBI Insights Blog</title>
<path class="cls-1" d="M14,30a4,4,0,1,1-4-4,4,4,0,0,1,4,4Zm11,3A19,19,0,0,0,7.05,15a1,1,0,0,0-1,1v3a1,1,0,0,0,.93,1A14,14,0,0,1,20,33.07,1,1,0,0,0,21,34h3a1,1,0,0,0,1-1Zm9,0A28,28,0,0,0,7,6,1,1,0,0,0,6,7v3a1,1,0,0,0,1,1A23,23,0,0,1,29,33a1,1,0,0,0,1,1h3A1,1,0,0,0,34,33Z"></path>
</svg>
</a>
</div>
</div>
</section>
<section class="container-fluid bg-primary">
<div class="container pt-5">
<div class="row mt-3">
<div class="col-lg-3 col-12">
<p><a class="text-white" href="https://www.nlm.nih.gov/socialmedia/index.html">Connect with NLM</a></p>
<ul class="list-inline social_media">
<li class="list-inline-item"><a href="https://twitter.com/NLM_NIH" aria-label="Twitter" target="_blank" rel="noopener noreferrer">
<svg xmlns="http://www.w3.org/2000/svg" width="35" height="35" viewbox="0 0 36 35" fill="none">
<title>Twitter</title>
<g id="twitterx1009" clip-path="url(#clip0_65276_3946)">
<path id="Vector_Twitter" d="M17.5006 34.6565C26.9761 34.6565 34.6575 26.9751 34.6575 17.4996C34.6575 8.02416 26.9761 0.342773 17.5006 0.342773C8.02514 0.342773 0.34375 8.02416 0.34375 17.4996C0.34375 26.9751 8.02514 34.6565 17.5006 34.6565Z" fill="#205493" stroke="white" stroke-width="1.0" stroke-miterlimit="10"></path>
<path id="path1009" d="M8.54811 8.5L16.2698 18.4279L8.50001 26.5H11.5L17.5 20L22.5486 26.5H28.5L20.5 16L27 8.5H24.5L19 14.5L14.5007 8.5H8.54927H8.54811ZM11.1197 9.73873H13.4519L25.4519 25.2613H23.1926L11.1197 9.73873Z" fill="white"></path>
</g>
<defs>
<clippath id="clip0_65276_3946">
<rect width="35" height="35" fill="white"></rect>
</clippath>
</defs>
</svg>
</a></li>
<li class="list-inline-item"><a href="https://www.facebook.com/nationallibraryofmedicine" aria-label="Facebook" rel="noopener noreferrer" target="_blank">
<svg xmlns="http://www.w3.org/2000/svg" width="35" height="35" viewbox="0 0 36 35" fill="none">
<title>Facebook</title>
<g id="Facebook" clip-path="url(#clip0_1717_1086)">
<path id="Vector_Facebook" d="M15.1147 29.1371C15.1147 29.0822 15.1147 29.0296 15.1147 28.9747V18.9414H11.8183C11.6719 18.9414 11.6719 18.9414 11.6719 18.8018C11.6719 17.5642 11.6719 16.3289 11.6719 15.0937C11.6719 14.9793 11.7062 14.9518 11.816 14.9518C12.8683 14.9518 13.9206 14.9518 14.9751 14.9518H15.1215V14.8329C15.1215 13.8057 15.1215 12.774 15.1215 11.7492C15.1274 10.9262 15.3148 10.1146 15.6706 9.37241C16.1301 8.38271 16.9475 7.60378 17.9582 7.19235C18.6492 6.90525 19.3923 6.76428 20.1405 6.7783C21.0029 6.79202 21.8653 6.83091 22.7278 6.86065C22.8879 6.86065 23.048 6.89496 23.2082 6.90182C23.2974 6.90182 23.3271 6.94071 23.3271 7.02993C23.3271 7.54235 23.3271 8.05477 23.3271 8.5649C23.3271 9.16882 23.3271 9.77274 23.3271 10.3767C23.3271 10.4819 23.2974 10.5139 23.1921 10.5116C22.5379 10.5116 21.8814 10.5116 21.2271 10.5116C20.9287 10.5184 20.6316 10.5528 20.3395 10.6146C20.0822 10.6619 19.8463 10.7891 19.6653 10.9779C19.4842 11.1668 19.3672 11.4078 19.3307 11.6669C19.2857 11.893 19.2612 12.1226 19.2575 12.3531C19.2575 13.1904 19.2575 14.0299 19.2575 14.8695C19.2575 14.8946 19.2575 14.9198 19.2575 14.9564H23.0229C23.1807 14.9564 23.183 14.9564 23.1624 15.1074C23.0778 15.7662 22.9885 16.425 22.9039 17.0816C22.8322 17.6321 22.7636 18.1827 22.698 18.7332C22.6729 18.9437 22.6797 18.9437 22.4693 18.9437H19.2644V28.8992C19.2644 28.9793 19.2644 29.0593 19.2644 29.1394L15.1147 29.1371Z" fill="white"></path>
<path id="Vector_2_Facebook" d="M17.5006 34.657C26.9761 34.657 34.6575 26.9756 34.6575 17.5001C34.6575 8.02465 26.9761 0.343262 17.5006 0.343262C8.02514 0.343262 0.34375 8.02465 0.34375 17.5001C0.34375 26.9756 8.02514 34.657 17.5006 34.657Z" stroke="white" stroke-width="1.0" stroke-miterlimit="10"></path>
</g>
<defs>
<clippath id="clip0_1717_1086">
<rect width="35" height="35" fill="white"></rect>
</clippath>
</defs>
</svg>
</a></li>
<li class="list-inline-item"><a href="https://www.youtube.com/user/NLMNIH" aria-label="Youtube" target="_blank" rel="noopener noreferrer">
<svg xmlns="http://www.w3.org/2000/svg" width="35" height="35" viewbox="0 0 36 35" fill="none">
<title>Youtube</title>
<g id="YouTube" clip-path="url(#clip0_1717_1101)">
<path id="Vector_Youtube" d="M26.2571 11.4791C25.9025 11.1589 25.5709 10.9576 24.228 10.834C22.5512 10.6785 20.2797 10.6556 18.564 10.6533H16.4365C14.7208 10.6533 12.4493 10.6785 10.7725 10.834C9.43196 10.9576 9.09798 11.1589 8.7434 11.4791C7.81464 12.321 7.6202 14.6268 7.59961 16.8938C7.59961 17.3178 7.59961 17.741 7.59961 18.1635C7.62706 20.4121 7.82837 22.686 8.7434 23.521C9.09798 23.8412 9.42967 24.0425 10.7725 24.1661C12.4493 24.3216 14.7208 24.3445 16.4365 24.3468H18.564C20.2797 24.3468 22.5512 24.3216 24.228 24.1661C25.5686 24.0425 25.9025 23.8412 26.2571 23.521C27.1722 22.6929 27.3735 20.451 27.4009 18.2206C27.4009 17.7402 27.4009 17.2599 27.4009 16.7795C27.3735 14.5491 27.1699 12.3072 26.2571 11.4791ZM15.5604 20.5311V14.652L20.561 17.5001L15.5604 20.5311Z" fill="white"></path>
<path id="Vector_2_Youtube" d="M17.5006 34.657C26.9761 34.657 34.6575 26.9756 34.6575 17.5001C34.6575 8.02465 26.9761 0.343262 17.5006 0.343262C8.02514 0.343262 0.34375 8.02465 0.34375 17.5001C0.34375 26.9756 8.02514 34.657 17.5006 34.657Z" stroke="white" stroke-width="1.0" stroke-miterlimit="10"></path>
</g>
<defs>
<clippath id="clip0_1717_1101">
<rect width="35" height="35" fill="white"></rect>
</clippath>
</defs>
</svg>
</a></li>
</ul>
</div>
<div class="col-lg-3 col-12">
<p class="address_footer text-white">National Library of Medicine<br />
<a href="https://www.google.com/maps/place/8600+Rockville+Pike,+Bethesda,+MD+20894/@38.9959508,-77.101021,17z/data=!3m1!4b1!4m5!3m4!1s0x89b7c95e25765ddb:0x19156f88b27635b8!8m2!3d38.9959508!4d-77.0988323" class="text-white" target="_blank" rel="noopener noreferrer">8600 Rockville Pike<br />
Bethesda, MD 20894</a></p>
</div>
<div class="col-lg-3 col-12 centered-lg">
<p><a href="https://www.nlm.nih.gov/web_policies.html" class="text-white">Web Policies</a><br />
<a href="https://www.nih.gov/institutes-nih/nih-office-director/office-communications-public-liaison/freedom-information-act-office" class="text-white">FOIA</a><br />
<a href="https://www.hhs.gov/vulnerability-disclosure-policy/index.html" class="text-white" id="vdp">HHS Vulnerability Disclosure</a></p>
</div>
<div class="col-lg-3 col-12 centered-lg">
<p><a class="supportLink text-white" href="https://support.nlm.nih.gov/">Help</a><br />
<a href="https://www.nlm.nih.gov/accessibility.html" class="text-white">Accessibility</a><br />
<a href="https://www.nlm.nih.gov/careers/careers.html" class="text-white">Careers</a></p>
</div>
</div>
<div class="row">
<div class="col-lg-12 centered-lg">
<nav class="bottom-links">
<ul class="mt-3">
<li>
<a class="text-white" href="//www.nlm.nih.gov/">NLM</a>
</li>
<li>
<a class="text-white" href="https://www.nih.gov/">NIH</a>
</li>
<li>
<a class="text-white" href="https://www.hhs.gov/">HHS</a>
</li>
<li>
<a class="text-white" href="https://www.usa.gov/">USA.gov</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
</section>
<script type="text/javascript" src="/portal/portal3rc.fcgi/rlib/js/InstrumentOmnitureBaseJS/InstrumentNCBIConfigJS/InstrumentNCBIBaseJS/InstrumentPageStarterJS.js?v=1"> </script>
<script type="text/javascript" src="/portal/portal3rc.fcgi/static/js/hfjs2.js"> </script>
</div>
<script type="text/javascript" src="../../hp.js"> </script>
<script type="text/javascript" src="../../components/ncbi-standards/hf/header.js"> </script>
<script type="text/javascript" src="../../check_youtube/check_youtube.js"> </script>
<script type="text/javascript" src="/portal/portal3rc.fcgi/rlib/js/InstrumentNCBIBaseJS/InstrumentPageStarterJS.js"> </script>
</footer>
</div>
</body>
</html>
Reference in a new issue View git blame Copy permalink