: Should I make webpages default to HTTPS? I finally decided to jump on the HTTPS bandwagon after discovering that C-Panel has an auto-HTTPS setting. But I think I've opened a can of worms; I've

@Eichhorn148

You should allways make them use https if you have a certificate, helps them better trust a website. Me personally if I go to a site and it sends me to https I trust it a lot more than one without https

Vote Up Vote Down

@Gloria169

Is https an option I should leave up to my visitors?


Users usually types just example.com to the address bar, leaving or out. As usually browsers defaults to HTTP, not enforcing TLS is almost as not having it at all. Therefore, you should always redirect HTTP to HTTPS.

Nowadays you can make this further by implementing HTTP Strict Transport Security (HSTS, RFC 6797), a header that makes browser remember that this site should always be loaded using TLS. I have listed some reasons for using and enforcing HTTPS on an answer on Serverfault.

Vote Up Vote Down

@Jessie594

Firstly it is a bad practice to have pages accessible through either HTTP or HTTPS. The push these days within the web industry is for all web pages to adopt HTTPS, even ones where there is no information necessarily needing HTTPS protection. Given the emergence of affordable (and even free) HTTPS services designed specifically to secure websites for free or cheap practically speaking there is no reason not to have your entire site protected by HTTPS.

As a side note while it is considered a relatively low ranking signal having HTTPS is still a signal that Google uses in the indexing process and so could be argued as beneficial for any website given the relative ease and affordability of implementing HTTPS. The only down side that I am aware of with HTTPS is a marginal decrease in site speed and by marginal I mean in most instances it is imperceptible and only detectable through logs indicating site speed.

Vote Up Vote Down