Migrating to HTTPS

For now, a collection of relevant links. More to come.



Tools and Demos


Articles of interest

Migrations in the News

Deprecations and Removals

As a part of the plan to require secure contexts (HTTPS) for Powerful features, Chrome and other browsers are deprecating or removing use of certain powerful features over HTTP connections.


Can I use compression? Should I worry about the BREACH attack?

It is only a concern when secret information and information from the request is contained in a single resource. So static information is fine, so are resources with secret data but no request-derived data, and so are resources that don't contain secret data. Ivan Ristic's post on BREACH is a good summary of the mitigations against breach. Same-Site cookies are one interesting approach, although they're not supported broadly enough yet.