fix SSL Labs URL

The protocol was missing.
18F · 97c8794ac1360b32099dbc803baa90633f625e06 · paulswartz committed Mar 31, 2016 · Mar 31, 2016 · 97c8794
1 parent c0fef4b
commit 97c8794ac1360b32099dbc803baa90633f625e06
Unified Split

Showing with 1 addition and 1 deletion.

+1 −1 README.md
diff --git a/README.md b/README.md
@@ -149,7 +149,7 @@ Any new API should use and require [HTTPS encryption](https://en.wikipedia.org/w
 * **Privacy**. Enhanced privacy for apps and users using the API. HTTP headers and query string parameters (among other things) will be encrypted.
 * **Compatibility**. Broader client-side compatibility. For CORS requests to the API to work on HTTPS websites -- to not be blocked as mixed content -- those requests must be over HTTPS.
 
-HTTPS should be configured using modern best practices, including ciphers that support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), and [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security). **This is not exhaustive**: use tools like [SSL Labs](ssllabs.com/ssltest/analyze.html) to evaluate an API's HTTPS configuration.
+HTTPS should be configured using modern best practices, including ciphers that support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), and [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security). **This is not exhaustive**: use tools like [SSL Labs](https://www.ssllabs.com/ssltest/analyze.html) to evaluate an API's HTTPS configuration.
 
 For an existing API that runs over plain HTTP, the first step is to add HTTPS support, and update the documentation to declare it the default, use it in examples, etc.