The former is True unless url.scheme is "https", because ("https" or "http") evaluates to "https", and then you're comparing url.scheme to that. You _probably_ were thinking
url.scheme != "https" and url.scheme != "http"
at which point it becomes a matter of personal preference; I find the 'not in' variant much easier to read, and a lot easier to expand if needed.
FWIW,
url.scheme != ("https" or "http")
is *not* the same as
url.scheme not in ("http", "https")
The former is True unless url.scheme is "https", because ("https" or "http") evaluates to "https", and then you're comparing url.scheme to that. You _probably_ were thinking
url.scheme != "https" and url.scheme != "http"
at which point it becomes a matter of personal preference; I find the 'not in' variant much easier to read, and a lot easier to expand if needed.