J_RaD - 5:27 pm on Oct 19, 2011 (gmt 0)
Lammert , are you certain that the site on the end of the chain will be able to read the incoming data..even if it is SSL and "certed" .especially if G strip headers ....how ..
well how im reading this...which could be wrong is that G's SSL servers won't pass any info off to an unsecure server(common), so if your server is also SSL then they'd shake hands and pass data.
but its kinda silly they'd let their SSL servers pass the data to unsecure servers as long as they are running "ads"
I was a bit skeptical as unverified SSL Certs are a dime a dozen, I think the cheapest I've seen is $4.99. I wouldn't put much trust in an unverified SSL cert.
you can generate your own unverified SSL cert for free... for about 15 years now. Which now almost 100% of browser will pop up scary red address bars and dialog boxes..... but is it really just about the SSL security layer or making you jump thru flaming hoops getting a signed one.
if it was just about the data protection an SSL cert is an SSL cert and will provide the encryption.
THe only thing it really leaves to the unknown is if someone spoofed your cert. But its like like user ref info is like banking info.