If you have an SSL Cert, why not use https for the whole site?

Question

I was asked this question not too long ago, and didn't have a good answer...

Is there a good reason why a site that has an SSL certificate wouldn't use https:// for their entire site rather than http://

Are there SEO issues? Performance overhead for the server?

Just in case it matters, we use LAMP stacks.

Thanks!

Answer 1

A few reasons:

• Generating SSL content takes some extra work so performance of a busy site could be an issue
• Most (all?) browsers stop sending referrer info with requests to tracking users through your site could be more challenging
• You might have to be more deliberate in how you serve pages to get browsers to cache them properly
• If the page is SSL, all content loaded on the page should be SSL, too, to avoid mixed-content warnings in the browser; serving dependencies like scripts, images, etc. under SSL is not always convenient

Note, however, that a lot of sites do do this. For example, several of the banks I use are always https, even for the parts that don't require it.

Answer 2

1. for each request your data will be encoded and and decoded this will increase unnecessary load on server and would also increase response time of ur site.

Answer 3

Using SSL/TLS does no longer add very much overhead: http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html

(As @erickson said in a comment on this page, the most computationally expensive part is the handshake. Good comment in general.)

I think you may get a loss in performance in some cases because browsers tend not to keep content obtained via HTTPS in the file cache if you close them (assuming that it's sensitive content that shouldn't be kept on disk), therefore you wouldn't benefit from the browser's cache and would have to reload the content.