Important Changes to PubChem Web Protocols

PubChem will no longer use HTTP web URLs in favor of HTTPS by September 30, 2016.

What does this mean to you?

Currently, PubChem supports both HTTP and HTTPS web URLs. For example, both URLs http://pubchem.ncbi.nlm.nih.gov and https://pubchem.ncbi.nlm.nih.gov take you to PubChem. However, by September 30, 2016, the HTTP web protocol will be retired in favor of the HTTPS protocol. Furthermore, the HTTPS web protocol will be implemented according to the HTTPS-Only Standard. Any attempt to access PubChem after September 30, 2016 using a web URL starting with “http:” may no longer work.

For the most part, this change will be invisible to you as PubChem started to use HTTPS protocol in early 2014. Today, many sites are using HTTPS when linking to PubChem with an URL. However, those still accessing PubChem using the HTTP protocol will need to be updated to the HTTPS protocol.

Why the change?

On June 8, 2015, the US federal government issued a HTTPS-only policy for all publicly accessible Federal websites.  As a part of this mandate, the National Center for Biotechnology Information (NCBI) recently announced important changes to NCBI Web Protocols to adopt HTTPS on September 30, 2016. A webinar is available on the NCBI YouTube channel that explains how this will affect access to web pages. PubChem resides at NCBI and will adopt the same HTTPS-only policy.

Why is this change being mandated?

The unencrypted HTTP protocol does not protect data from interception or alteration, which can subject users to eavesdropping, tracking, and the modification of received data. The regular unencrypted HTTP protocols create some vulnerabilities and may expose potentially sensitive information about users to hackers. The information may include browser identities, website contents, search terms, user submitted information, and more. Many commercial organizations such as banks have already adopted HTTPS-only policies to protect users when using their websites and services.

HTTPS verifies the identity of a website or web service for a connecting client, and encrypts nearly all information sent between the website or service and the user. Protected information includes cookies, user agent details, URL paths, form submissions, and query string parameters. HTTPS is designed to prevent this information from being read or changed while in transit. HTTPS provides a layer of protection for web users, however, it may be worth noting that HTTPS has several important limitations. IP addresses and destination domain names are not encrypted during communication. Even encrypted traffic can reveal some information indirectly, such as time spent on site, or the size of requested resources or submitted information.

To learn more, visit these websites: