diff --git a/supabase_auth/_sync/client.py b/supabase_auth/_sync/client.py
index 46577133..7f075765 100644
--- a/supabase_auth/_sync/client.py
+++ b/supabase_auth/_sync/client.py
@@ -10,7 +10,7 @@
 from ..constants import COOKIE_OPTIONS, DEFAULT_HEADERS, GOTRUE_URL, STORAGE_KEY
 from ..exceptions import APIError
-from ..helpers import model_dump, model_validate
+from ..helpers import is_http_url, model_dump, model_validate
 from ..types import (
 AuthChangeEvent,
 CookieOptions,
@@ -61,6 +61,8 @@ def __init__(
 proxy: str
 HTTP Proxy string or None, None by default, None disables proxy.
 """
+ if not is_http_url(url):
+ ValueError("url must be a valid HTTP URL string")
 if url.startswith("http://"):
 print(
 "Warning:\n\nDO NOT USE HTTP IN PRODUCTION FOR GOTRUE EVER!\n"
@@ -428,6 +430,8 @@ def get_session_from_url(
 APIError
 If an error occurs.
 """
+ if not is_http_url(url):
+ ValueError("url must be a valid HTTP URL string")
 data = urlparse(url)
 query = parse_qs(data.query)
 error_description = query.get("error_description")
diff --git a/supabase_auth/helpers.py b/supabase_auth/helpers.py
index 1ac90e83..9808efd1 100644
--- a/supabase_auth/helpers.py
+++ b/supabase_auth/helpers.py
@@ -9,6 +9,7 @@
 from datetime import datetime
 from json import loads
 from typing import Any, Dict, Optional, Type, TypeVar, cast
+from urllib.parse import urlparse
 from httpx import HTTPStatusError, Response
 from pydantic import BaseModel
@@ -238,3 +239,7 @@ def parse_response_api_version(response: Response):
 return dt
 except Exception as e:
 return None
+
+
+def is_http_url(url: str) -> bool:
+ return urlparse(url).scheme in {"https", "http"}
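Review bot: The guard added to `__init__` in `supabase_auth/_sync/client.py` constructs the exception but never raises it: `ValueError("url must be a valid HTTP URL string")` is a bare expression statement, so a url that fails `is_http_url` still falls through to the `url.startswith("http://")` check and the rest of the constructor. The line should read `raise ValueError("url must be a valid HTTP URL string")`. The `get_session_from_url` hunk has the same missing `raise`, so there the unvalidated url still reaches `urlparse(url)` and `parse_qs(data.query)`. A test that passes a non-HTTP url and expects `ValueError` would catch both; the bodies of both functions continue outside their hunks.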
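Review bot: `is_http_url` in `supabase_auth/helpers.py` checks only the scheme, so a string such as `http://` with no host is accepted as a valid URL; consider also requiring a network location, `parsed = urlparse(url)` followed by `return parsed.scheme in {"http", "https"} and bool(parsed.netloc)`. Because `urlparse` lower-cases the scheme, an upper-case `HTTP://` url passes this check but does not match the case-sensitive `url.startswith("http://")` test in `__init__`, so the plaintext-transport warning is skipped for it. The helper also has no docstring; something like `"""Return True if url parses with an http or https scheme."""` would state exactly what callers can rely on.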