Forced HTTPS Is Now On
-
@scottalanmiller said in Forced HTTPS Is Now On:
So the big thing.... turning on HTTPS Forced has had a pretty big effect on traffic. A huge effect. Our request rate increased by 30x a few hours after we turned it on. Our search engine rankings must have shot way up.
We shot up as well in ranking because of this, Google's already made it pretty clear how they feel about SSL, yet even so 99% of the SEO rip off artists who still say stupid crap like "submit your site it search engines" don't seem to know about it. BTW anyone listening in who isn't hip to what I'm talking about, every single person selling you SEO is a scam artist, period. You can easily do it all yourself even if you don't have that much web knowledge.
-
@scottalanmiller said in Forced HTTPS Is Now On:
@aaronstuder said in Forced HTTPS Is Now On:
@scottalanmiller HTTPS makes sites, faster, not slower.
What? How do you figure? It adds latency and increases bandwidth. How can it make it faster?
Absolutely, it is 100% technically impossible for HTTPS traffic to be faster than HTTP traffic. You are adding encryption on top of HTTP. Keyword there adding. This means more resources per packet. More resources per packet means slower, always.
-
I thought I heard that the Speedy protocol was faster with HTTPS than with HTTP, but maybe that was later disproved.
-
@Dashrender That's that I thought too.
-
@Dashrender said in Forced HTTPS Is Now On:
I thought I heard that the Speedy protocol was faster with HTTPS than with HTTP, but maybe that was later disproved.
SPDY is a Google owned trademark and the name that they gave their new protocol.
It is no longer a thing of its own as the SPDY protocol was the basis of HTTP/2.
My little knowledge of it at all is that it tracks header info and does not resend some it already knows about. Thus making this faster over the wire. This would have nothing to do with TLS.
-
HTTP/2 is definitely faster than HTTP/1.1. But that TLS speeds it up isn't something that I've heard and I'm unclear how it could work. That TLS performance impact is becoming nominal is one thing, but actually faster is hard to achieve.
-
I haven't read this yet.... so take it with a grain of salt.
https://samrueby.com/2015/01/26/why-is-https-faster-than-http/
-
@Dashrender It says that HTTPS is faster because only HTTPS traffic is using the SPDY engine inside HTTP/2.
-
I think there's mixing of terms and protocols here. SPDY or HTTP/2 is faster period, whether or not there's SSL, however SSL combined with SPDY or HTTP/2 is faster than standard HTTP for modern web 2.0 web sites, but your standard HTML page with basic info will always be faster without SSL, and so long as there are no other connections to be made, there wouldn't be a difference between HTTP/1.1 and HTTP/2.
-
@scottalanmiller said in Forced HTTPS Is Now On:
They should all load. Just not all are secure at this point.
This is happening because some images on the website come from non secure web page (http) so in this article https://www.clickssl.net/blog/how-to-stop-secure-and-nonsecure-items-warning-on-your-site there are three solutions have given which matches to your query. So I hope it will help you.
-
@henriette I second the "//..." solution, we force it automagically, to the dismay of a couple of our affiliates I'm sad to say, they were upset they had to setup SSL since when it failed to properly load we stopped displaying them when people used SSL, which is by default, so they were losing a lot. You really have to twist some people's arms to get them to be more secure, and you'd think the adult entertainment industry, of all industries, would understand security (they don't, they're the worst).
-
@tonyshowoff said in Forced HTTPS Is Now On:
@henriette I second the "//..." solution, we force it automagically, to the dismay of a couple of our affiliates I'm sad to say, they were upset they had to setup SSL since when it failed to properly load we stopped displaying them when people used SSL, which is by default, so they were losing a lot. You really have to twist some people's arms to get them to be more secure, and you'd think the adult entertainment industry, of all industries, would understand security (they don't, they're the worst).
sadly I don't think they are anywhere near the worst.
-
@Dashrender said in Forced HTTPS Is Now On:
@tonyshowoff said in Forced HTTPS Is Now On:
@henriette I second the "//..." solution, we force it automagically, to the dismay of a couple of our affiliates I'm sad to say, they were upset they had to setup SSL since when it failed to properly load we stopped displaying them when people used SSL, which is by default, so they were losing a lot. You really have to twist some people's arms to get them to be more secure, and you'd think the adult entertainment industry, of all industries, would understand security (they don't, they're the worst).
sadly I don't think they are anywhere near the worst.
"Hacking" a lot of them is simply doing a google site search for .jpg...... kinda embarrassed to admit I know this.
-
@tonyshowoff said in Forced HTTPS Is Now On:
@henriette I second the "//..." solution, we force it automagically, to the dismay of a couple of our affiliates I'm sad to say, they were upset they had to setup SSL since when it failed to properly load we stopped displaying them when people used SSL, which is by default, so they were losing a lot. You really have to twist some people's arms to get them to be more secure, and you'd think the adult entertainment industry, of all industries, would understand security (they don't, they're the worst).
No, unless they start faxing porn to people and putting the user's personal details on the fax headers, they aren't close to being the worst.
-
@scottalanmiller said in Forced HTTPS Is Now On:
@tonyshowoff said in Forced HTTPS Is Now On:
@henriette I second the "//..." solution, we force it automagically, to the dismay of a couple of our affiliates I'm sad to say, they were upset they had to setup SSL since when it failed to properly load we stopped displaying them when people used SSL, which is by default, so they were losing a lot. You really have to twist some people's arms to get them to be more secure, and you'd think the adult entertainment industry, of all industries, would understand security (they don't, they're the worst).
No, unless they start faxing porn to people and putting the user's personal details on the fax headers, they aren't close to being the worst.
I meant in terms of, say, the famous Ashley Madison leak, essentially everyone I know, save myself, stores their data in the same way, forever, in addition to plaintext or base64 encoded credit card data, not even tokenising them. As far as I'm concerned, of any specific niche industry, it's consistently the worst, and most incompetent.
Edit: I would say though, that is the industry I have most experience in dealing with other similar industries. From a regular IT perspective, I've seen the same thing happen across the board, especially at apartment complexes, and .. basically any small business. The irony is that big businesses aren't typically that much better at it, look at Sony.
-
@scottalanmiller said in Forced HTTPS Is Now On:
faxing porn to people and putting the user's personal details on the fax headers
Right then, that's my afternoons activities sorted.
-
@travisdh1 said in Forced HTTPS Is Now On:
@Dashrender said in Forced HTTPS Is Now On:
@tonyshowoff said in Forced HTTPS Is Now On:
@henriette I second the "//..." solution, we force it automagically, to the dismay of a couple of our affiliates I'm sad to say, they were upset they had to setup SSL since when it failed to properly load we stopped displaying them when people used SSL, which is by default, so they were losing a lot. You really have to twist some people's arms to get them to be more secure, and you'd think the adult entertainment industry, of all industries, would understand security (they don't, they're the worst).
sadly I don't think they are anywhere near the worst.
"Hacking" a lot of them is simply doing a google site search for .jpg...... kinda embarrassed to admit I know this.
So it was you!
-
Still have mixed content issues...
-
data-vocabulary.org and schema.org seem to be the issue.
-
https://www.data-vocabulary.org/ - Works.
https://schema.org/ - Works