HTTPS in all the places!

From the green padlock news desk:

Twitter is Moving t.co to HTTPS only for new links – t.co in general is a really bad idea that breaks the usability of the web. However, if you’re going to break the web like that then I guess it’s better to break it securely. This one will be of note to anyone who relies on Analytics tracking and receives a large amount of inbound traffic from Twitter. If that’s you, and your site isn’t running over SSL, then you’re going to lose your referral info:

Non-HTTPS sites may notice what appear to be lower referral numbers from Twitter as a result of the change. Web browsers drop the Referer header from a request by default when downgrading from an HTTPS t.co link to an HTTP destination in compliance with the HTTP specification for the Referer header.

Chrome finally kills off the HTTP-HTTPS “mixed content” warning – in a move designed to "encourage site operators to switch to HTTPS sooner rather than later", Chrome will now treat sites with any mixed content as if they were standard HTTP. I can’t help wondering if this is going to make HTTP downgrade attacks a lot easier to perform.

The writing is really on the wall – get all your sites running over HTTPS as soon as possible.

Posted on Friday, October 16, 2015 8:56 AM
