Hi, I'd recommend prepending https:// if the user's entering his url on an https:// web site. Is there a way in the spec to "fall back" to a plain http:// one if the secure one fails? I think security is important - we're handling peoples identities here. Kind Regards, Chris Drake