You are here: Home / News / December 5, 2016

December 5, 2016

Mandatory HTTPS encryption coming to USGS websites

USGS websites will be switching to the secure and encrypted HTTPS protocol during December, 2016. For most users, the changes won’t be noticeable other than a visual change in web browsers indicating a private connection. But users who write or maintain software that uses USGS web services could be impacted and should read on for details.

After this switch, requests for USGS web resources using the HTTP protocol will receive one of the 3xx Redirection HTTP status codes indicating an equivalent HTTPS URL. Software that receives this response likely falls into one of these categories:
  • No change required. Many underlying software libraries transparently process redirects and switch to the HTTPS protocol with no required programming changes. The additional redirect will reduce performance slightly, however, so an optimization would be changing all USGS URLs to HTTPS.
  • Does not follow redirects automatically, change required. Some software libraries may report redirects as errors instead of following them. For this, change all USGS URLs to HTTPS, or alter the software to follow the redirect response.
  • Supports HTTPS only with additional configuration, change required. Underlying software libraries might require additional configuration, installed modules, or invocation options to support HTTPS.
  • Does not support HTTPS, potentially major change required. Some software libraries, particularly older ones, might not be capable of supporting HTTPS. For this, alternate libraries can be sought or the software can be ported to another language or platform that supports HTTPS.

Software developers may test a software library’s redirect and HTTPS support by retrieving an arbitrary web resource, including this URL that generates a 3xx redirect to an HTTPS URL: http://https.cio.gov USGS may provide limited testing, upon request, of waterdata.usgs.gov and waterservices.usgs.gov before the switch. This conversion is part of a federal-government-wide effort observing that “the American people expect government websites to be secure and their interactions with those websites to be private.” USGS is pleased to support this effort.