jwolthuis - 4:24 pm on Feb 15, 2011 (gmt 0)

The only thing that you don't want to do is redirect from a secure page to a non-secure page. In IE, that action triggers a security warning, "You are about to leave an encrypted page", which many shoppers would get antsy over.

There's nothing wrong with serving your entire site via secure (SSL) pages. There's a small performance penalty, but not a show-stopper.

If you do offer your pages via SSL, ensure that *every* item on the page is fetched via SSL, otherwise shoppers receive the warning message, "This page contains both secure and non-secure items", which causes shoppers to get antsy.

EDIT: I almost forgot about Cookies. If you serve up cookies, they must be marked as "Secure", per RFC 2109, or else McAfee will go nutso.