强制整个网站使用HTTPS的良好做法或不良做法？ [英] Good practice or bad practice to force entire site to HTTPS?

问题描述

当所有内容都使用HTTPS（身份验证，Web服务等）时，我的网站运行良好。如果我混合使用http和https，则需要更多编码（跨域问题）。

I have a site that works very well when everything is in HTTPS (authentication, web services etc). If I mix http and https it requires more coding (cross domain problems).

我似乎没有看到很多完全使用HTTPS的网站，所以我想知道这样做是不是一个坏主意？

I don't seem to see many web sites that are entirely in HTTPS so I was wondering if it was a bad idea to go about it this way?

编辑：网站将托管在Azure云上，其中带宽和CPU使用率可能是一个问题......

Site is to be hosted on Azure cloud where Bandwidth and CPU usage could be an issue...

推荐答案

如果您没有任何副作用，那么您现在可能还可以，并且可能乐意不在不需要的地方创作。

If you've no side effects then you are probably okay for now and might be happy not to create work where it is not needed.

但是，没有理由加密所有流量。当然登录凭据或其他敏感数据。您将失去的主要内容之一是下游缓存。您的服务器，中间ISP和用户无法缓存https。这可能不完全相关，因为它表明您只提供服务。但是，它完全取决于您的设置以及是否有机会进行缓存以及性能是否是一个问题。

However, there is little reason to encrypt all your traffic. Certainly login credentials or other sensitive data do. One the main things you would be losing out on is downstream caching. Your servers, the intermediate ISPs and users cannot cache the https. This may not be completely relevant as it reads that you are only providing services. However, it completely depends on your setup and whether there is opportunity for caching and if performance is an issue at all.

这篇关于强制整个网站使用HTTPS的良好做法或不良做法？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！