User:Eighty5cacao/misc/Common objections to HTTPS support
- This is a very rough outline.
(...the bad practice is not designing and budgeting for full HTTPS support in the first place. Make an analogy to physical security, similar to this one by EFF)
My website doesn't have any sensitive information
Price of hosting
(something about IE/XP no longer officially being a problem since April 2014, but Android 2.x devices are still in use)
(some people may worry about the energy efficiency of computation)
WIP wording: If "not supporting HTTPS" is the main point of your energy-saving strategy, you very likely have bigger problems.
(manual labor involved every year to renew and install certificates)
CDNs and other proxies
To ease some of the server load, a server operator can put it behind a caching proxy CDN such as CloudFlare or Amazon CloudFront. Such a CDN makes a single HTTPS request to the origin server and then reuses the data to handle incoming requests from clients.
(but what about caching proxies near the client?)
Not perfectly secure
("Who needs a heart when a heart can be broken" ...so why is it worthwhile? mention appropriate points from sections above)
New vs. existing websites
Q: "All this advice seems fine for new websites. However, a lot of owners of existing websites wouldn't be happy..."
A: ... (TODO: mention appropriate items from above)