I am looking into the possibility of creating a new site in full https as opposed to just having parts of it in https, e.g. login. This is based on the guidelines provided in a recent OWASP report.
I am looking for the pros and cons of this approach. Yes, I gain security, but what do I lose from doing so? All feedback would be great.
There are two cons to full https.
With modern systems, the performance impact of encryption and session set-up is really a non-issue today. Performance is no longer an excuse for not using https.
Http proxies can't cache https pages or assets, which can be seen as a good or bad thing. It's bad if you're depending on caching for performance, and it will mainly affect page assets like scripts, css and images. Client-side caching should still be effective, though.
These cons are far outweighed by the increased security, authentication and customer confidence provided by full https.
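As an added example (not part of the original answer), here is one way to enforce full-site HTTPS while keeping the client-side caching the answer mentions effective, written as WSGI middleware. The host name, the `/static/` prefix, and the header values are assumptions chosen for illustration.

```python
CANONICAL_HOST = "www.example.com"   # assumption: the site's one public host name
STATIC_PREFIX = "/static/"           # assumption: fingerprinted assets live here
HSTS = "max-age=31536000; includeSubDomains"
ASSET_CACHE = "public, max-age=31536000, immutable"
PAGE_CACHE = "private, no-cache"     # assumed default for dynamic pages


def full_https(app):
    """Wrap a WSGI app: redirect plain HTTP, add HSTS and cache policy."""
    def middleware(environ, start_response):
        path = environ.get("PATH_INFO", "/")
        if environ.get("wsgi.url_scheme") != "https":
            # Redirect to the configured host, never the client-supplied Host
            # header, so the redirect target cannot be steered by the request.
            query = environ.get("QUERY_STRING", "")
            target = "https://" + CANONICAL_HOST + path + ("?" + query if query else "")
            start_response("301 Moved Permanently",
                           [("Location", target), ("Content-Length", "0")])
            return [b""]

        def secure_start(status, headers, exc_info=None):
            headers = [(k, v) for k, v in headers
                       if k.lower() != "strict-transport-security"]
            headers.append(("Strict-Transport-Security", HSTS))
            has_cache = any(k.lower() == "cache-control" for k, _ in headers)
            if path.startswith(STATIC_PREFIX):
                headers = [(k, v) for k, v in headers if k.lower() != "cache-control"]
                headers.append(("Cache-Control", ASSET_CACHE))
            elif not has_cache:
                headers.append(("Cache-Control", PAGE_CACHE))
            return start_response(status, headers, exc_info)

        return app(environ, secure_start)
    return middleware


def demo_request(scheme, path):
    """Send one constructed request through the middleware; return (status, headers)."""
    def app(environ, start_response):      # constructed sample application
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"wsgi.url_scheme": scheme, "PATH_INFO": path,
               "QUERY_STRING": "", "HTTP_HOST": "untrusted.invalid"}
    list(full_https(app)(environ, start_response))
    return seen["status"], seen["headers"]
```

The long-lived `immutable` policy is only safe when asset file names change with their content; dynamic pages keep whatever `Cache-Control` the application sets and fall back to the private default otherwise.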