4

Now that Let's Encrypt is in public beta, I'm adding secure browsing to many of my web sites. But should I force secure access, or allow visitors to choose how they access those sites?

In researching this, I've found statements like the following:

  1. Secure browsing does add some overhead, but not enough to worry about.

  2. Google prefers secure sites, and ranks them more highly.

  3. Google sees a page that is available via both HTTP and HTTPS as duplicate content, which may hurt search ranking.

Google's documentation seems to confirm #2, but not #3:

Improve this question

1 Answer 1

Reset to default
7

All three of those points are true. As far as #3 goes, what happens is your site traffic gets diluted by splitting it up between http and https. So it's better to just redirect http to https.

Should you do this? For the slight improvement in search ranking, yes, and to protect from man-in-the-middle attacks, and other potential security attacks, if you need that protection. It does slow down start up due to SSL handshaking but there is not much disadvantage to doing so.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.