Currently this site does not offer secure connections. Most hosts now offer free basic SSL certificates. I would suggest adding this certificate and at least making the secure connection an option if not mandatory.
My bad, looks like it works when I put in www, it doesn’t work without the www.
You did find an issue. It’s just not due to the lack of a cert. There needs to be a redirect from http://www.fragiledeal.com to https://www.fragiledeal.com.
Interesting, in Chrome, it says “your connection is not fully secure” even though it says https://
You are correct. Looks like the offender is this content on the main page (d-logo-sketch-small.png). If that http: could be changed to https:, it might fix the main page. Then again, I stopped looking once I found the first incorrect reference. But I looked through quite a bit before finding that one.
Despite the push by Google and others, I would argue that SSL is not needed on a web site like this. (Others will disagree, of course).
The SSL is not to protect the website, it’s to protect the users from having their opinions (posts) collected by their ISP or some other man-in-the-middle or TLA. When it comes to most of what’s here (financial advice, rates discussion, etc) I agree, but we do have a few threads with more controversial subjects. User privacy is important.
Me! Me! Whether or not it is needed is almost beside the point. The technology is there and universally supported in browsers. The cost to implement and the cost in terms of performance are both absolutely negligible. So the question becomes, why not? Not only is there the aforementioned encryption in transit, but you are sure that you are actually talking to the web site that you think you are.*
* Or are you? He who controls the certificate store on your machine rules your world. It is quite common (I’m looking at you, Zscaler) to have an intermediate site decrypting and re-encrypting the traffic and getting away with it by having their own certs on your machine. That way your employer has access to your “encrypted” traffic, and you’d never know.
Good point! Thanks @scripta. I can get behind that reasoning.
One of the reasons I love this site and FW before it. Great group of smart folks on a variety of topics.
I can manually adjust my address to add the “s” in there, but each time I click an email notification, I’m back to http.
Is there any way to get the links in emails to contain the “s” or to get the entire site to forward all links to https?
For the person that controls the web server for the site, this is trivial. A redirect of http: to https:. But I assume this site is hosted and that level of access may not exist.
That also doesn’t solve the problem initially reported, which, I think, is due to an http: reference to the logo on the main page.
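An added example, not part of the thread or the site's own code: a small Python scanner that finds the kind of http: subresource reference discussed above (such as the logo image) in a page served over https. The host `forum.example`, the CDN name and the sample markup are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# tag -> (URL attribute, class). Browsers block "active" mixed content;
# "passive" content may still load, but the page is flagged as not fully secure.
FETCHING = {
    "img": ("src", "passive"), "audio": ("src", "passive"),
    "video": ("src", "passive"), "source": ("src", "passive"),
    "script": ("src", "active"), "iframe": ("src", "active"),
    "embed": ("src", "active"), "object": ("data", "active"),
}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line, tag, class, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower():
            attr, kind = "href", "active"
        elif tag in FETCHING:
            attr, kind = FETCHING[tag]
        else:
            return  # <a href> and similar are navigation, not subresources
        value = (attrs.get(attr) or "").strip()
        # Resolve relative and protocol-relative references against the page URL.
        target = urljoin(self.page_url, value)
        if value and urlsplit(target).scheme == "http":
            self.findings.append((self.getpos()[0], tag, kind, target))

def find_mixed_content(html, page_url):
    """Return insecure subresource references found on an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on a page served over HTTPS
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; not the real site's markup.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="//cdn.example.net/app.js"></script>
</head><body>
<a href="http://forum.example/old-thread">old link</a>
<img src="http://forum.example/img/d-logo-sketch-small.png">
</body></html>"""
```

Calling `find_mixed_content(SAMPLE, "https://forum.example/")` reports only the `<img>` on line 6; the plain http: link in `<a href>` is navigation and does not affect the padlock.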