Rafael Bugajewski home

HTTPS Everywhere

Tuesday, 26 September 2017

This site has served content over HTTPS for a couple of years now. Not long ago I also enforced HTTPS everywhere instead of allowing HTTP in parallel (all old URLs get redirected to its new, encrypted counterpart). There were some small, but obvious omissions though.

The search form at the bottom of every page was set up to send data to an unencrypted version of the most popular search engine. The form is also encrypted now and all major browser should display a lock now. In addition to that I also changed the search engine to DuckDuckGo.

If you have your own website and still haven’t enforced HTTPS everywhere I would strongly suggest so. Domain-validated certificates are basically free now and in the worst case you’ll just get the benefit of increased privacy for you and your visitors.