Ask HN: Put my entire website behind ssl?

7 points| rubyskills | 15 years ago |healpay.com | reply

19 comments

[+] rdin|15 years ago|reply
We had some issues integrating 3rd party systems, such as the Twitter button, which has had an invalid certificate for months now. If your site can live without these bells & whistles, then you should investigate and see if your site can take the performance hit.
[+] rubyskills|15 years ago|reply
Wow, I didn't think about twitter's button. :-/ We use the twitter widget.. Do you know if the twitter js is behind a valid cert?
[+] trotsky|15 years ago|reply
Are there any SEO or other indexing issues that crop up if you're only running TLS?
[+] mattgaidica|15 years ago|reply
Encrypting site content increases server load, so response time may lack a little.. and we all know Google does take that into account. Also, it might be important that robot files and sitemaps are under the https protocol. I am guessing Google is pretty darn smart about it, I can only imagine though that a broken certificate throws a red flag.
[+] rubyskills|15 years ago|reply
This is a good question! I have no idea. I know that there are sites that do run behind SSL (like paypal) and their pages seem to appear on google just fine. As far as how this impacts your PR, I have no idea.
[+] rubyskills|15 years ago|reply
Just noticed that www.mint.com does it too...
[+] BallinBige|15 years ago|reply
well, paypal does :]
[+] rubyskills|15 years ago|reply
Did it make you feel safe knowing that it went straight to https? I know PayPal has a login screen on their homepage so maybe that is the reason they make you go straight to https?
[+] mattgaidica|15 years ago|reply
No. I think the HTTPS in the browser prompts a user to think there is confidential information being passed when you're just browsing, so now you break user experience. The app portion could be, and should be for any semi-secret information, but keep the front-end clear of it. Plus any and all external resources in-page must be https, it might hang you or a designer up down the road and break your cert.
[+] rubyskills|15 years ago|reply
Very good points!

It's very interesting to me that when SSL opens up, you immediately feel like confidential information is going to be passed (which is usually the case).. I didn't think about that before!

The app portion is def. protected by SSL and switches to that context when you hit the login path.

Your last point is interesting too, as we do pull in external resources such as Google Fonts, jQuery (Google's CDN), analytics, etc. but have managed to find an SSL version of those URLs too (luckily). I do see this becoming painful for designers moving forward though when they're trying to pull in external resources that lack support for https URLs.

All very good points.

Do you think the average user notices the SSL activation bar?

[+] HerraBRE|15 years ago|reply
I disagree. I might not spring for an EV cert in most cases, but using basic encryption to protect against casual eavesdropping should be the rule, not the exception.