Why the hell do people make websites with VALID SSL certs redirect BACK TO HTTP? What the fuck is wrong with them?!

  • 7
    And here I've been doing http to https redirections. I must have been doing it all wrong!
  • 1
    If they have ads on their page they get up to 30% less revenue from them because some advertisers don't serve their ads with https and so there are less people who bet.
    This is one reason I read some days ago.
  • 0
    @maysi that would explain why they have a separate subdomain for user settings - those don't have ads.
    It's still no excuse to serve login forms over http tbo.
  • 0
    If the page sends form data that is to be logged anywhere, throw down an SSL cert. Otherwise it's not really much of an issue if it's HTTPS or just HTTP.
  • 1
    Because the agency who built our website didn't do so with SSL in mind. Simply enabling it gives >9000 mixed content errors. It's a good job I found this out before enabling HSTS.
Add Comment