diff --git a/scripts/locales/en.lua b/scripts/locales/en.lua
index 18a712eed6..7f8c283273 100644
--- a/scripts/locales/en.lua
+++ b/scripts/locales/en.lua
@@ -152,7 +152,7 @@ local lang = {
   ["expired_csrf"] = "Could not perform the requested action because the page expired. Please reload the page and perform the action again.",
   ["export"] = "Export",
   ["external_link"] = "External Link",
-  ["external_link_url"] = "<span><button data-to-copy='https://%{url}' class='copy-http-url btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://%{url}' target='_blank'><i class='fas fa-external-link-alt'></i> %{url_name}</a></span>",
+  ["external_link_url"] = "<span><button data-to-copy='%{proto}://%{url}' class='copy-http-url btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='%{proto}://%{url}' target='_blank'><i class='fas fa-external-link-alt'></i> %{url_name}</a></span>",
   ["factory_reset"] = "Factory Reset",
   ["filter"] = "Exclude",
   ["filter_by"] = "Filter by",
diff --git a/scripts/lua/modules/alert_definitions/flow/alert_ndpi_suspicious_dga_domain.lua b/scripts/lua/modules/alert_definitions/flow/alert_ndpi_suspicious_dga_domain.lua
index dee03e2bd2..545bc0ed45 100644
--- a/scripts/lua/modules/alert_definitions/flow/alert_ndpi_suspicious_dga_domain.lua
+++ b/scripts/lua/modules/alert_definitions/flow/alert_ndpi_suspicious_dga_domain.lua
@@ -58,7 +58,10 @@ function alert_ndpi_suspicious_dga_domain.format(ifid, alert, alert_type_params)
       url = url:gsub('https', '')
     end
 
-      href = i18n('external_link_url', { url = url, url_name = shortenString(url, 32)})
+    local proto = string.lower(interface.getnDPIProtoName(tonumber(alert["l7_master_proto"])))
+    proto = ternary(((proto) and (proto == 'http')), 'http', 'https')
+
+    href = i18n('external_link_url', { url = url, url_name = shortenString(url, 32), proto = proto })
    end
 
    return i18n("alert_messages.suspicious_dga_domain", {
diff --git a/scripts/lua/modules/alert_store/flow_alert_store.lua b/scripts/lua/modules/alert_store/flow_alert_store.lua
index cd476ef540..04a4f76618 100644
--- a/scripts/lua/modules/alert_store/flow_alert_store.lua
+++ b/scripts/lua/modules/alert_store/flow_alert_store.lua
@@ -543,8 +543,9 @@ function flow_alert_store:format_record(value, no_html)
          shorten_descr = shorten_msg,
       }
    end
+   local proto = string.lower(interface.getnDPIProtoName(tonumber(value["l7_master_proto"])))
    
-   local info = format_info_field(value["info"], no_html)
+   local info = format_info_field(value["info"], no_html, proto)
    record[RNAME.INFO.name] = {
      descr = info
    }
diff --git a/scripts/lua/modules/lua_utils.lua b/scripts/lua/modules/lua_utils.lua
index b2df334ffd..b4d0a8c9e6 100644
--- a/scripts/lua/modules/lua_utils.lua
+++ b/scripts/lua/modules/lua_utils.lua
@@ -5131,7 +5131,7 @@ function format_dns_query_info(dns_info)
   end
 
   if dns_info.last_query then
-    dns_info.last_query = i18n("external_link_url", { url = dns_info["last_query"], url_name = dns_info["last_query"] })
+    dns_info.last_query = i18n("external_link_url", { proto = 'https', url = dns_info["last_query"], url_name = dns_info["last_query"] })
   end
 
   return dns_info
@@ -5163,7 +5163,7 @@ function format_tls_info(tls_info)
   end
 
   if tls_info.client_requested_server_name then
-    tls_info["client_requested_server_name"] = i18n("external_link_url", { url = tls_info["client_requested_server_name"], url_name = tls_info["client_requested_server_name"]})
+    tls_info["client_requested_server_name"] = i18n("external_link_url", { proto = 'https', url = tls_info["client_requested_server_name"], url_name = tls_info["client_requested_server_name"]})
   end
 
   if tls_info["ja3.server_cipher"] then
@@ -5224,7 +5224,7 @@ function format_http_info(http_info)
     if string.find(http_info["last_url"], '^/') then
       url = (http_info["server_name"] or "") .. http_info["last_url"]
     end
-    http_info["last_url"] = i18n("external_link_url", { url = url, url_name = url})
+    http_info["last_url"] = i18n("external_link_url", { proto = 'http', url = url, url_name = url})
   end
 
   if http_info["server_name"] then
@@ -5279,11 +5279,13 @@ end
 --         no_html: A boolean, true if no_html is requested (e.g. Download in CSV format), 
 --                  false otherwise
 -- @return A string containing the info field formatted
-function format_info_field(info, no_html)
+function format_info_field(info, no_html, proto)
   local info_field = info
+  proto = ternary(((proto) and (proto == 'http')), 'http', 'https')
+
   if no_html == false then
     if not isEmptyString(info) then
-      info_field = i18n("external_link_url", { url = info, url_name = info})
+      info_field = i18n("external_link_url", { proto = proto, url = info, url_name = info})
     end
   end