Reply To: Is HTTPS still an issue?

Home Forums Support Is HTTPS still an issue? Reply To: Is HTTPS still an issue?

#8853
Sean PSean P
Keymaster

I’m sorry, Nathan, I lost track of your actual question a little while you were trash talking services that don’t offer SSL for free, do you have a question relevant to MyStyle specifically or are you simply asking if SSL on the homepage forces the rest of the website to be SSL too?

To be clear:
All of our assets are supported via SSL. So, you can allow your customized customer images to persist throughout SSL pages without any issues. The customize page itself, serving up the actual app, is non-SSL out of the box for a reason – it allows us to make it faster and cheaper for developer license / plugin users.

We can set up SSL, as has been stated in the previous forum topics asking this same question.

Do we support SSL out of the box for cheap prices? No we don’t, and we have our own good reasons that you have not listed here.

You have already made one wrong assumption when you stated:

There is a catch with this: when a visitor has viewed your homepage, any modern browser will push all your subpages over SSL as well. So if you do this, you have to exclude your homepage as well. Are you prepared to do this?

This is just not true, and shows that you should get assistance from a developer that understands SSL redirection best practices.

It may seem like the homepage being SSL needs to happen or something else is happening, but it’s not. That’s not really how SSL redirection works. Every page in your site needs to have 1 official URL with automatic 301 redirect to the proper version if the other is loaded. Ideally for SEO you always have 1 primary protocol, but some pages can in fact be non-SSL or SSL without affecting the homepage or the preferred domain as a whole. This is mostly because of Google Search Console where you can see that registering each treats each separately. But, browsers don’t decide for you which page are SSL and which aren’t, as can be illustrated by every site in the world that has SSL checkout, and does not have SSL homepage, and does not need both to go one way or the other. You can absolutely have some pages be SSL, and some not, and not have any issues with “modern browsers”. The two ways to go about this are typically .htaccess rewrite rules or PHP header redirects, take your pick, they both have their advantages and disadvantages, but are pretty much invisible in the UX if done properly. Either way, the Customize page requires variables and is not a page you should consider for SEO or as a landing page.

If you do not understand how to do these things, then you are not really a developer, but someone who is taking on development. This is not really what a Developer License is for, as that is for developers who can generally set up their site and manage SSL and redirects on their own without our help.

For you, I would recommend either our Standard or even Managed licenses, or a custom development package (see get a quote page) to set up your website properly to handle SSL / Non-SSL, or any other issues you might run into.

If you need SSL, you will need a custom development, meaning you will need to talk with our sales dept to get a quote on your exact specific needs. I can tell you for sure, that it will be more expensive and require us to modify our load balancer setup to accommodate your SSL needs, or potentially dedicate more of a complex dedicated setup depending on your traffic levels. All that is generally not within the budget of our typical plugin customer. Our load balancers are optimized for speed so we can provide our services in a price tier that is not really profitable – that’s our developer license pricing. We do this to make the technology accessible to small businesses and bootstrap startups, but you will need an actual developer. Non-SSL is faster and cheaper than SSL, as you probably already know, so that’s the main reason our lowest licenses are out of the box non-SSL only.

Product Personalization and Customization Solutions