LiftIgniter defaults to using the same protocol as the website. If the website uses HTTP, LiftIgniter will also use HTTP for cdn.petametrics.com, api.petametrics.com, and query.petametrics.com. If the website uses HTTPS, LiftIgniter will also use HTTPS for all three.
It is possible for you to enhance the security of LiftIgniter use by forcing the use of HTTPS even if your main site does not use HTTP yet. Here is how you would do it.
For each of our endpoints that you want to use as HTTPS, you have to initialize with a config pointing to the HTTPS version of the endpoint.
Using HTTPS causes a slight increase in end-user latency due to an increase in the number of round trips. In our experience, switching to HTTPS increases latency by a few hundred milliseconds and increases client timeouts by about 50% (from 0.5% to 0.75% in one time interval we measured). The precise numbers will depend heavily on the geographical location, device type, connection quality, and newness of your users (users will see fewer timeouts later in the same session due to session tokens being cached).
The LiftIgniter Lab is currently available via both HTTP and HTTPS. Unencrypted HTTP support for the lab will be deprecated soon, so that all connections will be redirected to HTTPS. Until then, we recommend using HTTPS for the Lab by explicitly typing https://lab.liftigniter.com.