> Most sites these days redirect to HTTPS. What gives? I've wondered that myself often enough. I've come up with a few possible explanations.
(1) Half-competent admins thinking "security is better than no security, right?", without understanding what the "security" does and doesn't provide and what its costs are. (2) Site admins of sites that do actually have reason to want HTTPS for some of what they do (eg, selling things) get lazy and just (try to) ram it down everyone's collective throat even for the portions of their site for which it's neutral or even negative. (3) I've seen it said that some search engines severely penalize sites that don't insist on HTTPS. Google is the offender I've usually seen named; I have no experience either way myself, as I've never paid any attention to the search engine rankings of my web-accessible stuff. /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML [email protected] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
