Similar to the current `is_ajax` flag there should be a `is_secure` flag for testing.
Similar to the current
is_ajaxflag there should be ais_secureflag for testing.