问题描述

如果我正在设置服务器并拥有 SSL 证书，为什么我不将 HTTPS 用于整个站点，而不仅仅是用于购买/登录?我认为仅加密整个站点并完全保护用户会更有意义.它将防止出现诸如决定必须保护什么之类的问题，因为一切都会如此，并且这对用户来说并不是真正的不便.

If I was setting up a server, and had the SSL certificate(s), why wouldn't I use HTTPS for the entire site instead of just for purchases/logins? I would think it would make more sense just to encrypt the entire site, and protect the user entirely. It would prevent problems such as deciding what has to be secured because everything would be, and it's not really an inconvenience to the user.

如果我已经在网站的一部分上使用了 HTTPS，为什么我不想在整个网站上使用它?

If I was already using an HTTPS for part of the site, why wouldn't I want to use it for the entire site?

这是一个相关的问题:为什么https只用于登录?，但答案并不令人满意.答案假设您无法将 https 应用于整个网站.

This is a related question: Why is https only used for login?, but the answers are not satisfactory. The answers assume you've not been able to apply https to the entire site.

推荐答案

我能想到几个原因.

• 某些浏览器可能不支持 SSL.
• SSL 可能会稍微降低性能.如果用户正在下载大型公共文件，则每次加密这些文件可能会带来系统负担.

这篇关于为什么不对所有事情都使用 HTTPS?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！