NCBI Secure Website Tests
What is happening?
To improve security and privacy, and by Federal government mandate, NCBI is moving all of its web sites and services, including web APIs, to HTTPS only by September 30, 2016. This change will provide you with greatly increased privacy and security on the NCBI site.
To prepare for this change, NCBI will be running a series of tests, where we move most web traffic to HTTPS for a short period, to check for problems and to ensure that all resources work properly with HTTPS.
When are the tests?
The next test is scheduled for 8:00 AM - 12:00 PM, Eastern Daylight Time (12:00 - 16:00 UTC), on Thursday, September 22.
Subsequent tests are:
- Monday, September 26, 2016 from 8:00 AM - 12:00 PM EDT (12:00 - 16:00 UTC)
Starting Tuesday, September 27, 2016 at 8:00 AM EDT (12:00 UTC), we intend to permanently redirect all web page traffic from http to https. This means that, after that time, your browser will always access NCBI using https. We are making this switch a few days before the deadline so that we have to the rest of the week to deal with any problems that occur.
How will the tests affect me?
Hopefully, you will notice nothing more than improved privacy and security. In your web browser's address bar, you will notice that the web address (URL) will start with
http://). You should also see a small green padlock icon that indicates that the NCBI website security is working properly.
You may also notice that, as soon as you click a web link, use a bookmark, or type a URL into your browser's address bar, the URL immediately changes from one starting with
https://. This behavior is normal during the test, and will be the standard behavior for
http://URLs after NCBI switches to HTTPS only.
However, you may see minor problems such as:
- An icon in the browser address bar may appear as some other color, such as yellow, gray, or red
- Missing images on pages
- Web forms that don't work properly when submitted
- Active page elements that don't work correctly
- A page that says "Forbidden", and a message explaining that the service is no longer available on http
- A message that says the site is "not secure"
- Browser extensions may not work correctly or at all
- Images and forms may not work correctly when the NCBI site is accessed through a proxy server
These events are all logged as errors by our servers. There is no need for you to report them to NCBI.
If I encounter a problem, what should I do?
NCBI's analysis tools should be able to identify and log most problems during the test, so there is usually no need to report problems to NCBI. If the page you want to use doesn't work during the test period, wait until the test is over and try again. If your problem continues, you may need to change the URL in the address bar to start with
http://instead of after the test has ended.) If your Web request was for a long-running process such as a BLAST job, resubmit the search and run it again. You can also try cleaning your browser's cache and clearing cookies.
If these attempts fail, contact us using the Help Desk link (at the bottom right of most pages, in the page footer), explaining the problem in detail. Or send email to firstname.lastname@example.org, describing the problem.
Will my scripts and programs run properly during the test?
If you have scripts or programs that access NCBI web services, such as eutilities and BLAST URL-API, your service may or may not work correctly during the test period. If you have doubts, you may want to try running your scripts or starting your program during the test period to see whether it operates correctly, or needs to be updated. (There's no need to wait for the test--we have set up test servers that you can use to run those tests with your scripts and programs at any time.) See HTTPS at NCBI: Guidance for users of NCBI Web APIs for advice on how to update programs and scripts to use HTTPS.
Commercial or open-source desktop client software that accesses PubMed, BLAST, or other NCBI resources; or commercial or open-source web tools like proxy servers or browser extensions, may fail during the test period. In this case, please directly contact the software author vendor. You may want to send them the link to HTTPS at NCBI: Guidance for users of NCBI Web APIs.
For questions, comments, or problems, contact the NCBI service desk at email@example.com.
Will my scripts and programs run properly after the permanent switch to https?
Again, it depends. For more detailed advice about upgrading your programs to work with https, see HTTPS at NCBI: Guidance for users of NCBI Web APIs.