Https is the secure version of http, and is the protocol over which sensitive data is sent between your browser and the website that you are connected to. Https used to be used to protect and encrypt highly confidential online transactions like online banking and online shopping forms, but it is now increasingly being recommended generally whenever a visitor enters any data (such as an email when subscribing) in a website.
In order to ensure a secure connection, when you request a https connection to a webpage, the website will send its SSL certificate to your browser. This certificate contains the public key needed to begin the secure session.
Beginning in October 2017 with Google's newest version of Chrome (v. 62), Google is leading the trend towards insisting on encrypted communication between browser and website by becoming more aggressive with their warning messaging for http sites. Any sites using http that include a form where the visitor enters data (such as an email) will show a "not secure" message in the address bar.
Image/GIF Source: Is HTTPS Good for SEO?
Papers on the paper.li domain
All papers on the paper.li domain automatically use https, so no action is needed to ensure https protocol is used.
Papers on a custom domain
Once you set up your custom domain, we no longer have a matching SSL certificate, so are not able to return the public key to begin the secure https session. Our SSL certificate works only on paper.li domains.
For users who would nevertheless like to use https protocol on their custom domain, we support SSL encryption but the solution requires that the domain be configured through https://www.cloudflare.com/ssl
Signing up and adding your new custom domain to cloudflare is free (for a single site).
The setup is incredibly easy.
1. We recommend you first set up your custom domain
with paper.li and ensure that it's functional before
adding your site to Cloudflare.
2. Once you've ensured your custom domain is functional with paper.li on http, sign up with Cloudflare and give them your new domain name. They will scan it and add it to their service. The whole process takes just a couple of minutes (though it can take up to 24 hours for the SSL to take effect).
3. Once the setup in cloudflare is complete, to ensure that the site always uses https:
Under the Cloudflare Crypto tab:
- Under the SSL section, set SSL to "flexible" in the dropdown menu.
- Under "Always use HTTPS", turn toggle to ON
If you have any custom code installed in header, footer, and/or ad units, verify that all URLs referenced in your custom code are using https.
Note: Once you have added your site to Cloudflare, we are unable to provide support, but the kind folks at Cloudflare will be happy to help.