0

I have a website that only has a couple of webpages that need to be secure. I'm not have a problem forcing the browser into https on those pages, but I am having difficulty returning back to http after they've left the form page. Any suggestions?

Matt
  • 11
  • that would be more hassle than is worth. You'd need to make extra sure you are not leaving your users with cookies that could be used to access https content (see firesheep), for starters. – njzk2 May 12 '15 at 13:57

1 Answers1

3

This sounds facetious, but my serious suggestion is to serve it all HTTPS. Post-2013-Snowden-NSA-whistleblowing, it's clearer now than ever that if you're not using HTTPS whenever you can, you're doing your users a disservice.

HTTPS (with TLS 1.2, Strict Transport Security, etc.) is the new norm for all responsible web developers.

https://www.eff.org/https-everywhere/deploying-https

Spiff
  • 104,423