HTTPS is for everyone.

July 12, 2018 @20:47

I enabled HTTPS on this website just under a year ago. If you follow my blog, you know that this is a static website, and since there appears to be a bit of an uproar in the web community over HTTPS right now, I figured I'd simply weigh in.

Do you need HTTPS for your website?

Yes.

There are lots of good reasons for this, and not many reasons not to do it, but the major point that resonates with me is not the risk to your website but the risk to the Internet at large. Actors (both malicious and benign) can inject content into any site served over HTTP and cause the web browsers of that site's visitors to do... essentially whatever they want. This doesn't have to be targeted at your site; anyone in the middle can simply target ALL HTTP traffic out there, regardless of the content.

This isn't a user agent (browser) problem, and it isn't a server problem: without the authenticity provided by TLS, anyone with access to ANY part of the network between the server and the user agent can inject anything they want.

HTTPS is easy, and for most it is free. It also allows HTTP/2, which is faster (even for static sites like this one, which uses HTTP/2). Really, it is. If you aren't convinced, let me also point you at Troy Hunt's excellent demo of what people can do to your static website.
