«HTTPS»–ի խմբագրումների տարբերություն

▲A site must be completely hosted over HTTPS, without having some of its contents loaded over HTTP, or the user will be vulnerable to some attacks and surveillance. For example, having scripts etc. loaded insecurely on an HTTPS page makes the user vulnerable to attacks. Also having only a certain page that contains sensitive information (such as a log-in page) of a website loaded over HTTPS, while having the rest of the website loaded over plain HTTP, will expose the user to attacks. On a site that has sensitive information somewhere on it, every time that site is accessed with HTTP instead of HTTPS the user and the session will get exposed. Similarly, [[HTTP cookie|cookies]] on a site served through HTTPS have to have the [[secure cookie|secure attribute]] enabled.<ref name=deployhttpscorrectly />