Tag Archives: HTTPS

Top 7 Myths about HTTPS

January 01th, 2011 - 4:04PM

Myth #7 – HTTPS Never Caches People often claim that HTTPS content is never cached by the browser; perhaps because that seems like a sensible idea in terms of security. In reality, HTTPS caching is controllable with response headers just like HTTP. Eric Lawrence explains this succinctly in his IEInternals blog: It comes as a surprise to many that by-default, all versions of Internet Explorer will cache HTTPS content so long as the caching headers allow it. If a resource is sent with a Cache-Control: max-age=600 directive, for instance, IE will cache the resource for ten minutes. The use of … Continue reading →

Four Tips for Setting up HTTP File Downloads

March 03th, 2010 - 3:31PM

Web sites don’t just contain pages; sometimes you need to provide files that users can download. Putting a file on your web server and linking to it from an HTML page is just the first step. You also need to be aware of the HTTP response headers that affect file downloads. These four tips cover some of the issues you may run into: Tip #1: Forcing a Download and Controlling the File Name Providing a download link in the HTML is easy: … <a href="http://download.httpwatch.com/httpwatch.exe">Download</a> … It works well for binary files like setup programs and ZIP archives that the … Continue reading →

Using Protocol Relative URLs to Switch between HTTP and HTTPS

February 02th, 2010 - 1:55PM

Attempting to use HTTP resources on an secure web page is a guaranteed way to annoy IE users, because it generates a confusing security warning for anyone running with the default IE settings. Our previous post on fixing this message in IE 8 is responsible for more than 50% of the traffic and comments on this blog. Hopefully, Microsoft will take note and change this in a future version of IE. In the meantime, it’s important to avoid this warning by ensuring that every image, CSS and Javscript file on a secure page is accessed using HTTPS. For content on … Continue reading →