Good practice or bad practice to force entire site to HTTPS?

Question

I have a site that works very well when everything is in HTTPS (authentication, web services etc). If I mix http and https it requires more coding (cross domain problems).

I don't seem to see many web sites that are entirely in HTTPS so I was wondering if it was a bad idea to go about it this way?

Edit: Site is to be hosted on Azure cloud where Bandwidth and CPU usage could be an issue...

EDIT 10 years later: The correct answer is now to use https only.

Answer 1

you lose a lot of features with https (mainly related to performance)

• Proxies cannot cache pages
• You cannot use a reverse proxy for performance improvement
• You cannot host multiple domains on the same IP address
• Obviously, the encryption consumes CPU

Maybe that's no problem for you though, it really depends on the requirements