Surprisingly, some major websites only have SSL for the checkout process.
I was investigating datasets at DataProvider this morning and searched for large e-commerce sites that don’t have SSL. I was surprised to see some big names on the list.
Some sites have SSL, but only during the checkout process.
For example, if you go to gap.com you will not be on SSL. When it’s time to check out you are sent to secure-www.gap.com, which does have SSL.
Similarly for HomeDepot, the checkout process is on secure2.homedepot.com.
Neither https://gap.com nor https://homedepot.com resolves.
While it might not be a huge deal to lack SSL when you aren’t submitting passwords and payment information, both of these sites have form fields on non-SSL URLs. Next month Chrome will start showing a security message when someone starts typing in these fields. I’m not sure if this will include the search field, but it will certainly include email opt-in forms and this contact page.
Brookstone.com is another site that has SSL issues. https://www.brookstone.com works, but it doesn’t work if you don’t type the www. Also, visiting http://brookstone.com doesn’t forward you to the SSL version. You only see an SSL when you’re in the cart.
Even there, I went to a checkout page this morning that looks like this:
Although the URL for this page is https://, Google gives a warning that says “Your connection to this site is not fully secure” and warns you to not enter a password.