Mobile app version of vmapp.org
Login or Join
Megan663

: How to let users know that the site is available over HTTPS? My websites are now available over HTTPS, but I don't want to make that the default at this point: My canonical URLs are still

@Megan663

Posted in: #CanonicalUrl #Https

My websites are now available over HTTPS, but I don't want to make that the default at this point:


My canonical URLs are still HTTP and I'm not ready to make the SEO switch
My certificates are SNI certificates that have very good browser support, but it isn't perfect. Some of my users still use older browsers that would be unable to access the HTTPS site.


Is there some way of getting only users that have preference for HTTPS move over? I'm looking for something along these lines:


A header that users send to my site that indicate they prefer secure connections based on a browser preference.
A meta tag or header that I can include on my page that says "Also available on HTTPS" that causes browsers to switch protocols when users have expressed a preference for HTTPS
Something that will tell the HTTPS Everywhere browser plugin that it can do its job for my site.

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Megan663

1 Comments

Sorted by latest first Latest Oldest Best

 

@YK1175434

You could simple make a button/link with a text like "This site is in https, click here to view via https", maybe add a little warning "might not function 100%".

Https Everywhere works with a whitelist. Can't find how-to real quick, but this rulsets page might help. I'm not aware of any preference or setting in the browser. You can't send a header "https, if you want". You're the webmaster, you decide.
You don't need to suggest a protocol to the browser, they'll try their best method automaticaly (e.g.: FF/Chrome will choose TLS over SSL )

You might want to use ssllabs.com/ssltest/analyze.html?d=example.com to check your configs, protocol support and suggestions how to improve.



offtopic (before the edit, with SSL and HTTPS wrongly used interchangeable):
SSL is not really supported anymore. The POODLE attack is again SSLv3, the solution is turning off SSL3. "But wait! Than what do I use, SSLv3 is the lastest version, should I go back to v2?!"

Nope. Modern browsers support TLSv1.0 to TLSv1.2 (1.0 has broad support, 1.1 and 1.2 not yet).
It's fairly safe to turn off SSL, forcing browser to TLS (which, again, is the first try of mordern browsers anyways).
The only browser which is gonna have a problem with that is: IE6.


An https connection can be established via SSL (but really shouldn't), or
An https connection can be established via TLS (this is preferred)

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme