It seems Wikia has a TLS certificate for *.wikia.com. Great!
However, it seems to redirect HTTPS requests to HTTP. For example, if you visit https://www.wikia.com/Wikia, you end up on http://www.wikia.com/Wikia instead. Why?! This is the exact opposite of what should happen.
I’m currently posting this over hotel WiFi, over HTTP (since you don’t give me a choice) and am thus risking my session cookies.
Please consider moving Wikia to HTTPS. This can happen in two steps:
1. Stop redirecting HTTPS to HTTP. This gives people the option to browser Wikia over HTTPS instead of HTTP while still allowing HTTP. 2. At a later stage, when you’re ready, start redirecting HTTP requests to HTTPS (and implement HSTS, etc.).
Right now I would be happy with step 1.