Good practice or bad practice to force entire site to HTTPS?

You lose a lot of features with HTTPS (mainly related to performance):

  • Proxies cannot cache pages
  • You cannot use a reverse proxy for performance improvement
  • You cannot host multiple domains on the same IP address
  • Obviously, the encryption consumes CPU

Maybe that's no problem for you though; it really depends on the requirements.


HTTPS decreases server throughput, so it may be a bad idea if your hardware can't cope with it. You might find this post useful. This paper (academic) also discusses the overhead of HTTPS.


If you have HTTP requests coming from an HTTPS page, you'll force the user to confirm the loading of insecure data. Annoying on some websites I use.