Link with unencrypted protocol

Reports the links that use unencrypted protocols (such as HTTP), which can expose your data to man-in-the-middle attacks. These attacks are dangerous in general and may be especially harmful for artifact repositories. Use protocols with encryption, such as HTTPS, instead.

See HTTPS: Difference from HTTP (wikipedia.org).

Locating this inspection

By ID

Can be used to locate inspection in e.g. Qodana configuration files, where you can quickly enable or disable it, or adjust its settings.

HttpUrlsUsage

Via Settings dialog

Path to the inspection settings via IntelliJ Platform IDE Settings dialog, when you need to adjust inspection settings directly from your IDE.

Settings or Preferences | Editor | Inspections | Security

Inspection ID: HttpUrlsUsage

Inspection options

Here you can find the description of settings available for the Link with unencrypted protocol inspection, and the reference of their default values.

Ignore comments

Option ID:

ignoreComments

Default value:

Selected

Ignore URLs with no top-level domain

Option ID:

withTldOnly

Default value:

Selected

Ignore IP addresses

Option ID:

ignoreIpAddresses

Default value:

Selected

Ignored URLs

Option ID:

ignoredUrls

Default value:

[http://localhost, http://127.0.0.1, http://0.0.0.0, http://www.w3.org/, http://json-schema.org/draft, http://java.sun.com/, http://xmlns.jcp.org/, http://javafx.com/javafx/, http://javafx.com/fxml, http://maven.apache.org/xsd/, http://maven.apache.org/POM/, http://www.springframework.org/schema/, http://www.springframework.org/tags, http://www.springframework.org/security/tags, http://www.thymeleaf.org, http://www.jboss.org/j2ee/schema/, http://www.jboss.com/xml/ns/, http://www.ibm.com/webservices/xsd, http://activemq.apache.org/schema/, http://schema.cloudfoundry.org/spring/, http://schemas.xmlsoap.org/, http://cxf.apache.org/schemas/, http://primefaces.org/ui, http://tiles.apache.org/]

Suppressing Inspection

You can suppress this inspection by placing the following comment marker before the code fragment where you no longer want messages from this inspection to appear:

//noinspection HttpUrlsUsage

More detailed instructions as well as other ways and options that you have can be found in the product documentation:

Inspection Details
By default bundled with:	CLion 2025.2, DataSpell 2025.2, GoLand 2025.2, IntelliJ IDEA 2025.2, JetBrains Rider 2025.2, PhpStorm 2025.2, PyCharm 2025.2, Qodana for .NET 2025.2, Qodana for Go 2025.2, Qodana for JS 2025.2, Qodana for JVM 2025.2, Qodana for PHP 2025.2, Qodana for Ruby 2025.2, RubyMine 2025.2, WebStorm 2025.2

Last modified: 18 September 2025