Delivering the news over HTTPS
Paul Schreiber @paulschreiber
BigWP: Delivering the news over HTTPS

HTTP is dead. Here’s why, and what you need to know to migrate to HTTPS.

Delivered to the BigWP Meetup NYC on September 15, 2015.

Detailed guide: https://docs.google.com/document/d/1EJKAoa4Hxc4AyH0znuA_AAplcNeNejEhATFptFX-OME/edit

BigWP: Delivering the news over HTTPS

  1. Delivering the news over HTTPS
  2. Paul Schreiber @paulschreiber
  3. HTTP 1991–2015
  4. HTTP 1991–2015
  5. HTTP
  6. HTTPS
  7. A Call to Action: If you run a news site, or any site at all, we’d like to issue a friendly challenge to you. Make a commitment to have your site fully on HTTPS by the end of 2015 and pledge your support with the hashtag #https2015. —Eitan Konigsburg, Rajiv Pant and Elena Kvochko, “Embracing HTTPS”, November 13, 2014
  8. setup
  9. $ sslmate mkconfig
  10. https://mozilla.github.io/server-side-tls/ssl-config-generator/
  11. HSTS
  12. HTTPS enabled
  13. HTTPS enabled, HTTPS default
  14. HTTPS enabled, HTTPS default, HSTS
  15. HTTPS enabled, HTTPS default, HSTS, HSTS preload
  16. content
  17. content
  18. ads
  19. analytics
  20. CDNs
  21. fonts
  22. content 😕
  23. https://github.com/bramus/mixed-content-scan
  24. <script src="//google.com/… <script src="https://googl…
  25. <script src="//google.com/… <script src="https://googl…
  26. performance
  27. 2008: HTTPS is slow
  28. 2008: HTTPS is slow. 2015: HTTPS is fast
  29. Many graphics from The Noun Project: Tombstone by Jakob Wells. Money by Nick Levesque. Shield by Wayne Thayer. SEO by Azis. Gauge by Dalpat Prajapati. Scribble by Michael Chanover. Lock with keyhole by Brennan Novak. Warning by Icomatic. Error by Anas Ramadan.
  30. problems
  31. problems
  32. solved problems
  33. No HTTPS? Ask nicely.
  34. No HTTPS? SoundCite, placehold.it
  35. mixed content
  36. mixed content: $ mixed-content-scan
  37. mixed content: Content-Security-Policy: upgrade-insecure-requests
  38. mixed content: Content-Security-Policy-Report-Only: default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://myserver.com/log-tool/
  39. mixed content
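
The mixed-content slides (24, 25 and 35 to 38) come down to finding subresources that an HTTPS page still loads over http://. The following is an added example, not code from the talk or from the mixed-content-scan tool: a small Python check over constructed HTML, where the host names, the function name `find_mixed_content` and the active/passive split by tag are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose insecure loads browsers block outright ("active" mixed content).
# Insecure img/audio/video loads ("passive") are typically allowed with a warning.
ACTIVE_TAGS = {"script", "link", "iframe"}
URL_ATTRS = {"script": "src", "link": "href", "iframe": "src",
             "img": "src", "audio": "src", "video": "src", "source": "src"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Resolve relative and protocol-relative (//host/path) URLs against
        # the page URL, as the browser would, before judging the scheme.
        resolved = urljoin(self.page_url, value)
        if urlsplit(resolved).scheme == "http":
            kind = "active" if tag in ACTIVE_TAGS else "passive"
            self.findings.append((tag, resolved, kind))

def find_mixed_content(page_url, html):
    """Return (tag, resolved_url, kind) for each insecure subresource."""
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample page, not taken from any real site.
SAMPLE_HTML = """
<script src="//cdn.example.com/lib.js"></script>
<script src="http://ads.example.net/tag.js"></script>
<img src="http://img.example.org/photo.jpg">
<link rel="stylesheet" href="https://fonts.example.com/css">
<iframe src="/embed/1"></iframe>
<a href="http://other.example.com/">plain links are not subresources</a>
"""

if __name__ == "__main__":
    for tag, url, kind in find_mixed_content("https://news.example.com/story", SAMPLE_HTML):
        print(f"{kind:7} <{tag}> {url}")
```

On an HTTPS page the protocol-relative script resolves to https:// and is not flagged; only the two explicit http:// loads are reported.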
