I have a very basic website which only renders a series of images and a bit of text. When I enabled HTTPS it slowed down my web page significantly as there are 41 images plus 41 low-resolution placeholder images resulting in a minimum of 82 SSL handshakes. However according to Google's docs (https://developers.google.com/web/fundamentals/security/encrypt-in-transit/why-https) every website should use HTTPS. What are the possible risks involved with not using HTTPS? In fact, my website does support HTTPS, it just does not redirect to the HTTPS version by default, the client has to go their manually.
Asked
Active
Viewed 52 times
1
-
1Well, the recent announcement at https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html might influence your decision: do you want Chrome to flag your site as insecure? – Matthew Feb 09 '18 at 11:29
-
try enabling keep-alive so you have single https handshake. – Aria Feb 09 '18 at 13:49
-
The risks are that someone could modify content between the server and the browser and maliciously feed your users misinformation. That might not be damaging in your case but think static sites that provide investment or health info. – iainpb Feb 11 '18 at 12:19