HTTPS Everywhere, or else

Posted on Friday, November 24th, 2017

---

Chrome now marks pages containing a password or credit card input field as Not Secure in the URL bar.

As stated back in 2016

Eventually, Chrome will show a Not Secure warning for all pages served over HTTP, regardless of whether or not the page contains sensitive input fields. Even if you adopt one of the more targeted resolutions above, you should plan to migrate your site to use HTTPS for all pages.

To prevent this, we’ve now started making all sites HTTPS everywhere by default.

Most sites can be secured for free, using Let’s Encrypt – a free certificate authority.

It plugs nicely into Plesk, making the setup really easy.

We also 301 redirect http to https, to ensure true HTTPS Everywhere

---