default to https instead of http for security benefits

[Zeouterlimits]

I think it would be a good idea to default urls that don't specify their protocol to https instead of http, defaulting to encrypted, as is the web trend / default at this stage.

Could make it a toggle? Interested in your thoughts either way, this change would suit us.