why would content only sites need to be https?

Helpful links:

• Why HTTPS Matters [developers.google.com]

• Downsides of not using HTTPS [webmasterworld.com]

After all, there are many many Google algorithms but I am seeing http at the top of my personal searches most of the time.

HTTPS may be a ranking factor, but according to Google, it's a very small one.

With HTTPS you protect the:
- Privacy of your users (URLs visited, cookies exchanged, search queries and other form input);
- Integrity of your content (middlemen like ISPs can't alter your content);
- Transfer of your own data, such as passwords for logging into a CMS.

Basically: due diligence.

As a bonus, you get to tap into the performance benefits of HTTP/2, and possibly get a small boost in the SERPs.

Every day there are more and more https websites that my samsung tablet won't let me access because the connection is not secure. Some of these are mega sites. I have tried changing settings on the tab to no avail. I wonder how much traffic gets lost because of this.

Every day there are more and more https websites that my samsung tablet won't let me access because the connection is not secure.

I thought that https sites are supposed to be more secure.

If the tablet is more than a few years old, the problem is likely the OS on the tablet not the website. Get newer hardware and you won't have that problem.

Just a FYI - it's been discussed many times that very old browsers and OSs do not support some elements used with HTTPS.

That's more of a client issue. Basically, if your device's default browser is so old that it can't handle HTTPs, get a better one from the app store. Hard to imagine a Samsung tablet being old enough not to accept HTTPs, though. Unless it's running Android 2.x. What's the model?

One reason I finally had to abandon Camino, although I loved it dearly, was that it couldn't keep up with security certificates. It habitually said that suchandsuch site had an invalid, unknown or untrusted certificate--meaning, I assume, only that the browser's internal list was no longer getting updated--so I got in the bad habit of ignoring and overriding warnings about security.

My traffic dropped after I switched to HTTPs.

@virtualrealityvirtualreality

if your traffic dropped significantly, you must be missing something somewhere in your implementation of the https protocol.

I was super scared to switch. I did my homework and covered every angle. When I fixed every single issue, I was less scared. I never saw a drop on any of the sites I converted. I actually saw a bump up.

"If the tablet is more than a few years old, the problem is likely the OS on the tablet not the website. Get newer hardware and you won't have that problem. "

i did not post this asking for help. I am bringing it up because there are a lot of old devices out there that might have the same problem. I don't expect the public to update their devices to accommodate my sites.

What will cause the loss of the most traffic, a warning in a drop down menu on chrome or old devices?

OS is android 4.4.2

I sell to a tech-savvy audience, so old kit it not an issue.

But sure, it is well worth looking at your User Agent profile to check there will not be significant loss.

Android 4.4.2 supports SNI, so not sure what's causing the issue there.

Also, Google isn't forcing you to do anything. It's just good practice as a user to be on HTTPS, and the Chrome warning is aimed at users.

HTTPS means that no one can see what page I'm on- only the domain. I am protected from MiTM attacks, including content tampering. Any URL parameters from on-site searches are hidden.

I hate using HTTP sites, and will strongly prefer HTTPS sites.

I am not typical, admittedly.

I hate using HTTP sites

Then you hate using the majority of sites on the web.

Awright, aristotle, come clean. What's your real objection to HTTPS? Was your mother frightened by an SSL before you were born?

I'm currently at two HTTPS and two HTTP, but that's just because I haven't the energy to keep track of four sites' redirects all at once, so I'm doing them by dribs and drabs.

I'm currently at two HTTPS

To date, I've switched 32 sites (3 of my own.) I've got the process down to about 30 - 40 minutes in most cases.

I hate using HTTP sites

I'm not quite there yet, but have definitely noticed an increased "yuck" response to seeing HTTP sites.

Awright, aristotle, come clean. What's your real objection to HTTPS?

Well my main objection is the $50 per year fee that my hosting company wants. For my six sites, that adds up to $300 per year. Yes I know that there are cheaper options, even free, but when I looked at them, I didn't like what I saw.

So that's why I'm waiting -- to see if better options become available.

I've got the process down to about 30 - 40 minutes in most cases.

Oh, the HTTPS change as such is about 5 minutes. Change htaccess globally, click a few buttons in host's control panel, optionally contact a couple of people to ask if they can change their existing links (only the ones I'm in regular communication with, obviously). It only takes time because I'm obsessive about keeping track of redirects ... into perpetuity.

Much depends on one's host unless one is running dedicated servers but I believe it best practice to be able to fail over to HTTP from HTTPS as necessary. Some older devices, OS's, and some needs requirements simply don't need/handle HTTPS well or at all.

Of course a lot depends on your audience and their device capabilities. Yet another 'know your audience' moment.

Oh, the HTTPS change as such is about 5 minutes. Change htaccess globally, click a few buttons in host's control panel

Ha... I'm not referring to just clicking a button. Some sites require editing scripts & CSS, editing framework files, 3rd party apps, internal site search, rebuilding back-end functions, manually checking hundreds of pages for errors... stuff like that.

I automate as much as I can, but some things require a more personal approach. Some hosts make it relatively fast & painless, others not so much.

Some sites require editing scripts & CSS, editing framework files, 3rd party apps, internal site search, rebuilding back-end functions, manually checking hundreds of pages for errors... stuff like that.

Mercifully I've never used absolute links internally, so that's one less thing to think about. It's more about miscellany: for example when I went HTTPS on my personal site I had to check for any and all links from other sites. They're always in the strangest places. (How the heck am I supposed to remember that example.com/dir1/page1 has a link to example.org/dir2/subdir3/page4, of all things?) Luckily there exist text editors with multi-file search, and if I'm feeling very brave I'll even let it do an unsupervised global replace. No databases--wouldn't touch them with a barge pole--except analytics, which lives on my personal site. Which in turn is why I changed that one first, even though nobody ever goes there in person.

No, the long-term time-consuming thing for me is monitoring redirects. This can actually be very informative: why is the search engine so much more interested in page A than in page B, when there's no visible difference in visitor count or change frequency? Hmmm. And will they ever stop asking for http://example.com several times a day? It's entrapment again, isn't it. Astoundingly, bing asks less often than Google. It seems like just the kind of thing bing would keep grinding away at forever, like asking for pages that were removed in 2011.

When working on one's own site there are certain luxuries not afforded with that of the client.

Cloudways did everything in 20-30 minutes, installed Comodo SSL, redirected site, fixed mixed content and checked browser compatibility with some online tools.

I was scared as well. But it works great if done properly. You can use tools like redirect checker to know whether redirection is working.

LetsEncrypt SSL is free and super easy to use, most common hosting companies provide it in cpanel and whatnot as an integrated feature that is trivial to setup and run. LetsEncrypt gives you full blown trusted SSL backed by major internet players.

I don't see why anyone would refuse to implement SSL at this point. It should be our duty to implement SSL and enforce its use as a means to protect the web and to follow those lines i think not having SSL is a disservice to web visitors who trust you with their data in any shape form or fashion. Not doing SSL because of people with outdated hardware to me is, in essence, putting those who do have modern systems at unnecessary risk.

Exactly why do we need to protect emails that are already pretty much publicly available? Why do we need to protect data? Don't most users have burner emails they use on the net? I know my clients do.

Protecting the internet with https is a great talking point but in reality it does not offer any more protection to our identities than a paper shredder. Of course, if you handle credit cards there is no argument but for the rest of us this is just g bullying us as a distraction from something else.

I am starting to see the non secure connection issue on my win 10 laptop using firefox. Give this another year when certs start expireing and I would not be surprised to see this go the way of authorship.

Exactly why do we need to protect emails that are already pretty much publicly available? Why do we need to protect data? Don't most users have burner emails they use on the net? I know my clients do.

If you respect your customers as clients, It's your responsibility to protect data regardless of how benign you believe it to be.

https isn't about being the paper shredder, you can't control what happens with the data you move across the pipe once its decrypted but you can ensure that only the person standing by the shredder receives it and not everyone on the internet can copy it.

letsencrypt certs are free and expire super fast but there are scripts that renew them automatically and make the process painless. CDN's often include SNI certs for as part of their free/basic packages too to encrypt your traffic.

We have to realize mobile is dominating the web experience and the best mobile experience is behind SSL because the network largely can't be trusted and you can build in a little trust by switching to SSL.

g bullying us as a distraction from something else

From... aliens?

Numerous reasons other than credit card theft are mentioned earlier in this thread. Do you not think they're valid?

If you respect your customers as clients, It's your responsibility to protect data regardless of how benign you believe it to be.

Well said!