DPLA is pleased to announce that the entirety of our website, including our portal, exhibitions, Primary Source Sets, and our API, are now accessible using HTTPS by default. DPLA takes user privacy seriously, and the infrastructural changes that we have made to support HTTPS allows us to extend this dedication further and become signatories of the Library Digital Privacy Pledge of 2015-2016, developed by our colleagues at the Library Freedom Project.
The changes we’ve made include the following:
- Providing HTTPS versions of all web services that our organization directly controls (including everything under the dp.la domain), for both human and machine consumption,
- Automatic redirection for all HTTP requests to HTTPS, and
- A caching thumbnail proxy for items provided by the DPLA API and frontend, which serves the images over HTTPS instead of providing them insecurely.
After soft-launching HTTPS support at DPLAFest 2016, DPLA staff has done thorough testing, and we are fairly confident that all pages and resources should load over HTTPS with no issues. If you do encounter any problems, such as mixed content warnings or web resources not loading properly, please contact us with the subject “Report a problem with the website” and describe the problem, including links to the pages on which you see the problem.
These changes are just the start, however. To ensure better privacy, DPLA encourages both its Hubs and their partners to provide access to all of their resources and web services over HTTPS, and to join DPLA in becoming a signatory of the Library Digital Privacy Pledge. By working together, we can achieve a national network of cultural heritage resources that are open, free, and secure to all. Please join me in thanking the Mark Breedlove, Scott Williams, and the rest of the DPLA Technology Team for making this possible.