20 comments

[ 4.4 ms ] story [ 53.0 ms ] thread
Does it need it? All the site does is show you text.
One thing that I don't like about unsecure sites is that, depending on the ISP or Wifi access point, they might inject things into the stream.
(comment deleted)
Yes, because not having it will still leave your browsing on that site succeptible to MITM attacks.
I used to be of this opinion but enough ISPs and other intermediaries will happily MITM http (and DNS) if they can to inject ads or redirects to affiliates.

With modern hardware and letsencrypt, getting SSL going is about close to free and less effort than what most "just text" sites do for their content.

>Does it need it?

Yes. It's that simple.

Then why investor due diligence teams ask for ssl , policies around SSL, if this is not important?
Protecting form data, ajax, etc which the site doesn't really have.

SSL can also stop your ISP infecting content, but if they're doing that you've got a crap ISP.

It is supposedly integrated with Yahoo store although defunct and has a search text box as well.
Best practice starts from home it not only for folks who need money but for folks who give money as well.l.llll
it looks like it is vhosted with store.yahoo.com

his site is probably only meant to serve HTTP but gets HTTPS with the wrong cert because of the vhosting of the other site.

umm interesting. reading threads nick you have shared.
but still my only submission is that if SSL is one of criteria;s in all Due dils, then how it would be difficult to add one PG;s site? or why to make such a big fuss around it?
Can't access on the phone, chrome shows a safety screen (probably can bypass it)