Get Our Newsletter — Subscribe Here

Domain Name Wire | Domain Name News

Domain Name Industry News

Featured Domain Ads

.onl you online
.link
.store Domains

Advertisement

Identity Digital
Home Uncategorized

Gap.com and HomeDepot.com lack full SSL

4 Comments

Surprisingly, some major websites only have SSL for the checkout process.

I was investigating datasets at DataProvider this morning and searched for large e-commerce sites that don’t have SSL. I was surprised to see some big names on the list.

Some sites have SSL, but only during the checkout process.

For example, if you go to gap.com you will not be on SSL. When it’s time to check out you are sent to secure-www.gap.com, which does have SSL.

Similarly for HomeDepot, the checkout process is on secure2.homedepot.com.

Neither https://gap.com nor https://homedepot.com resolves.

While it might not be a huge deal to lack SSL when you aren’t submitting passwords and payment information, both of these sites have form fields on non-SSL URLs. Next month Chrome will start showing a security message when someone starts typing in these fields. I’m not sure if this will include the search field, but it will certainly include email opt-in forms and this contact page.

Brookstone.com is another site that has SSL issues. https://www.brookstone.com works, but it doesn’t work if you don’t type the www. Also, visiting http://brookstone.com doesn’t forward you to the SSL version. You only see an SSL when you’re in the cart.

Even there, I went to a checkout page this morning that looks like this:

Although the URL for this page is https://, Google gives a warning that says “Your connection to this site is not fully secure” and warns you to not enter a password.

Share this post...

Share on LinkedIn Share on Reddit

Related Articles

Advertisement

dot Inc domains

Get Our Newsletter

Stay up-to-date with the latest analysis and news about the domain name industry by joining our mailing list.


No spam, unsubscribe anytime.

Reader Interactions

Comments

    Leave a Comment

  1. Tom T says

    Shocking to see Home Depot on the list. I believe they suffered a major breach of customer information only a few short years ago.

    Reply

  2. steve brady says

    The list goes on forever of homepages not using https://

    QVC.com
    BassPro.com
    Nordstrom.com
    RitzCarlton.com
    Samsung.com
    Dell.com
    Toshiba.com
    Disney.com
    SirusXM.com
    Hp.com
    Pfizer.com
    Merck.com
    Oprah.com
    Stayfree.com

    to name a few more big ones

    Reply

  3. Eric Lyon says

    I don’t see why a company would opt to only have SSL in certain places and not cover all data sectors. Trying to cut costs maybe? Or maybe they had a bad security advisor?

    Reply

    • Luc says

      For a long time SSL pages were MUCH SLOWER to load initially in the browser because a secure connection and handshake had to be established, adding about 1.5s – 2.5s to the page render time.

      This was the major reason most services, especially established ones did not use SSL except only when necessary.

      However, I was just made aware that recently Chrome+Firefox got together and worked out a way to significantly speed up SSL page loading. Many SSL pages now load faster than non-ssl pages.

      However, the legacy code that exists on those major sites will take forever to change.

      Reply

About DNW

Domain Name Wire is a trade publication for the domain name industry covering topics relevant to domain investors, brand owners, policy makers, domain registrars and registries, and more. Read More About DNW

Get Our Newsletter

Stay up-to-date with the latest analysis and news about the domain name industry by joining our mailing list.


No spam, unsubscribe anytime.

Domain Name Wire | Domain Name News
%d bloggers like this: