Welcome to WebmasterWorld Guest from

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

cpu and ssl, only some pages with ssl

8:54 pm on Dec 1, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 27, 2003
posts: 1308
votes: 0

I have just bought a ssl certificate, and not sure if true, but I think I read that pages https take more cpu than normal http.
I am on a shared host, and considering the cpu and if searchengines see https diferent as http, Im not sure if I should serve all pages or only some as https.

I think only on some but the problem is how, I suppose I would have to do a redirection from http to https, but does that work if the person instead of finishing the purchase and leave the site, goes to another page that is no suppse to be https.

Any thoughts?
1:44 pm on Dec 5, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 3, 2003
votes: 0

Hi Helen,

It's certainly true that an https page will take more cpu to serve than an unencrypted page - by how much or how significantly and at what level of traffic it could become an issue is difficult to quantify but it's straight forward to ensure that only parts of your website are served as https if required.

A common set-up is that www.example.com is entirely http only, with a secure customer area running on a sub-domain e.g. customer.example.com that is entirely https only.

However if you're not using sub-domains you can still ensure that only some of your pages are served using https using .htaccess rules.

Let's say you have a shopping cart script running inside the sub-directory /cart/ of your website, and you want to ensure that it is only accessed over https, you could add the following to your top level .htaccess

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/cart
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{REQUEST_URI} ^!/cart
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}

However, that only serves as a fall-back - it's still important with something like the above in place that all links between the http and https parts of your site are host absolute, e.g. a link from the home page to view basket might be

<a href='https://www.example.com/cart/mybasket.php'>My Basket</a>

...and similarly any links out from https pages back to non https must also be host absolute e.g.

<a href='http://www.example.com/'>Home</a>

From a code bulk / page size point of view it might not be desirable to have every link in, say, your common header and footer to be host absolute but if this happens to be PHP (similar methods would be possible in any other scripting language) a common header script that was included on both http and https pages could be made to include the host only on https pages, using for example:

// add this at the top of the script for efficiency rather than doing the full test every link!
$isHTTPS = (isset($_SERVER["HTTPS"]) && ($_SERVER["HTTPS"] != "") && ($_SERVER["HTTPS"] != "off"));
<a href='<?php print ($isHTTPS?"http://www.example.com":""); ?>/about-us.php'>About Us</a>

Hope this helps!