From 19 September 2017 onwards, all SiteBuilder pages on the University's website are delivered over HTTPS, instead of HTTP. The S stands for secure. This means that all communication between the web browser and the University's website is encrypted and also allows us to use new features in web browsers to speed up the website.
In the near future, web browsers will show a Not Secure warning for all sites served over HTTP. This could worry visitors, for whom trust in Warwick is important. That's why it is important we make these changes now.
When is this happening?
We made the change on Tuesday 19 September 2017.
What are the changes?
When you access a link to a SiteBuilder page that starts with
http://, we send a redirect to your web browser so the link starts with
https:// instead, and your browser shows that the page is ‘Secure’. We automatically change pages so that directly linked web content is also requested over HTTPS.
For the vast majority of pages, everything continues to work as before when your pages are accessed over HTTPS. You don't need to change any links to other SiteBuilder pages over HTTP. We rewrite these links to HTTPS when they're clicked.
When you edit web pages with links to external sites that start
http://, we add a small red padlock to the link so that the user knows they're leaving a secure site and being linked to an insecure site.
What do I need to do?
There are two things you can do to make sure everything runs smoothly:
- If your web pages contain custom code snippets or linked content check them for
http://references, as we can't rewrite these automatically.
- Links to external web sites are not rewritten to use the HTTPS version, so you may want to manually update these (where there's a secure version available) to remove the red padlock. You can run a links check over the sites or pages you're responsible for. Any links or images linked over HTTP are identified in the report as ‘Insecure’.
Why is this happening?
There are several reasons why accessing our website over HTTPS instead of HTTP is a good idea.
HTTPS protects the integrity of the website
HTTPS helps prevent intruders from changing the content of our website by controlling the network connection between the web browser and the server. Intruders include intentionally malicious attackers, and legitimate but intrusive companies such as ISPs or hotels that inject ads into pages. Intrusions can occur at any point in the network, including a user's machine, a Wi-Fi hotspot, or a compromised ISP, just to name a few.
HTTPS protects the privacy and security of our users
HTTPS prevents intruders from being able to passively listen to communications between our website and our users. Every unprotected HTTP request can potentially reveal information about the behaviours and identities of our users. Although a single visit to an unprotected website may seem benign, some intruders look at the aggregate browsing activities of users to make inferences about their behaviours and intentions, and to de-anonymise their identities.
HTTPS lets us speed up the website
When a user in a modern web browser accesses web pages over HTTPS, they can use features of HTTP/2 to make many requests at once and speed up page load times.
HTTPS will become mandatory
In the near future, web browsers will show a ‘Not Secure’ warning for all websites served over HTTP. This could worry visitors, for whom trust in Warwick is important. Google have also said that they will rank non-HTTPS sites lower.