Google https pandemia give a chance for http sites
 

SE traffic is growing on my http sites. Looks like competitors who started migration to https created a lot of mistakes and problems when switch sites to https, lost SEO scores and lost good index positions.

Nice while it lasts

sites who switch to https that don't need https, but do it just because google says so, are retarded.

Slaves of google who change their sites whenever google hiccups... It's the most stupid thing you can do.

major site switch correctly http->https from first time is practically impossible

I agree with most of that. I would say only sites like paysites need https.

Yep, or sites which have members. Adding https to free site would be completely stupid.

In HTTPS the requests for URLs are in plain text -- HTTPS only encrypts the data exchange.

Copyright infringing data (like tube videos) could not be sniffed and would fly under the radar. Illegal communication could not be sniffed by the NSA and other security agencies < heads into wehateporn territory.

? The only thing a sniffer will see in plain text is the hostname when the browser supports SNI. Everything else, including the specific object request, is encrypted.

No. Only the domain will be seen, not the particular URLs. RTFM.

OK just the domain AFTER the First connection -- all the better to hide the pirate URI

This is just Google hiding its malfeasance, nonfeasance or misfeasance ... depends on your POV
[url]https://www.google.com/url?sa=t&rct=j&q
.....
=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=
0ahUKEwjF_d_-07rSAhXq44MKHS6FAM0QFggcMAA&


... url=http%3A%2F%2Fwww.gingersoftware.com%2Fenglish-online%2Fspelling-book%2Fconfusing-words%2Fmalfeasance-misfeasance-nonfeasance&usg=AFQjCNGrwWsioAsL0FLdUHX5h27RN3aICg &sig2=lhZXCElMsRIFjuybETtl3A

Mouse over the link ^^^ get it?
The redirect it NOT encrypted
I had to break it up

Google link starts with https, which means the redirect is encrypted... even if the destination site is not. I don't get your point.

In case there are ANY questions
 

---- sniffing packet headers is trivial------------------------------------------------------
https://www.google.com/url?sa=t&rct=...sRIFjuybETtl3A

GET /url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&u act=8&ved=0ahUKEwjF_d_-07rSAhXq44MKHS6FAM0QFggcMAA&url=http%3A%2F%2Fwww.gingersoftware.com%2Fenglish-online%2Fspelling-book%2Fconfusing-words%2Fmalfeasance-misfeasance-nonfeasance&usg=AFQjCNGrwWsioAsL0FLdUHX5h27RN3aICg&sig2=lhZXC ElMsRIFjuybETtl3A HTTP/1.1
Host: Google
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Cookie: NID=98=JOUZw9ThfqdCvjW7_4ngFA7WfZoYjjvxtnoXpmSOEuB C4Rbj5bM0BgO-Vr2BrncEpjB0byEe86eGRY1rDms3QxKIzk0vwsJDwf7F4_5Zd3 PY4q32H4Rxw_YxJWNHy99SgK6uzj9zc2W0MGE-CKLzFCOymXqzTIS55Wotl5CHAp0NQbHZ6lCGsvQHU8Z6hpLLgz-RiQnLg3qGKvyZtF0aZx6x4tBS4OWwIEX-KoobOsRnijx3dA7FRCebjryxywLtKTUperXf1nCZCQF0nG9QOW J0tnGvoJIGo1WtH464JPJaXyZT1FHVvmOw9pdvLOFu33H6qaTJ VzyC7LyIEHGFGSXpBclweWho62Nks1UGwiDIo2rSmRDFMbkal3 D-4Pz4v8bEXkEPUQng; OGPC=5061451-2:5061821-6:873035776-6:807236608-1:; OGP=-5061451:-5061821:; CONSENT=YES+US.en+20170205-19-0; _ga=GA1.1.282654208.1487131261; SID=ZgQoVCyguOgGLHpvARuyX-vtA6vyJ4yEFf5NyVTXvr1ZciNd9_xlU4VVOGQTd46-1Wk7Tg.; HSID=Ae1blZ7UboHaBMAlA; SSID=AB52v6bMy-2EkofLH; APISID=n80mTK3bKNVnCcnD/AyRCDDkDadctMAEAX; SAPISID=_wAqM_DQq38gDQcp/A9jWzkVO4ITbHQ3eP; GMAIL_RTT=895; S=billing-ui-v3=wjxUkKgwa9UTMxoL-ik2A5M4KcPh6YUA:billing-ui-v3-efe=wjxUkKgwa9UTMxoL-ik2A5M4KcPh6YUA:quotestreamer=5WYvYeOd4VmZMYhjyx3M CQ
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/2.0 200 OK
Date: Fri, 03 Mar 2017 15:42:41 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=86400
Content-Encoding: gzip
Server: gws
Content-Length: 319
x-xss-protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="36,35,34"
X-Firefox-Spdy: h2

https://www.google.com/url?sa=t&rct=...t-gTGofWfUBkkQ

GET /url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0ahUK EwjF_d_-07rSAhXq44MKHS6FAM0QFggiMAE&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FMisfeasance&usg=AFQjCNFxl4FRQV6DJdxJKgfle_VvuSp3Fw&sig2=dxXJr LE_t-gTGofWfUBkkQ HTTP/1.1
Host: Google
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Cookie: NID=98=JOUZw9ThfqdCvjW7_4ngFA7WfZoYjjvxtnoXpmSOEuB C4Rbj5bM0BgO-Vr2BrncEpjB0byEe86eGRY1rDms3QxKIzk0vwsJDwf7F4_5Zd3 PY4q32H4Rxw_YxJWNHy99SgK6uzj9zc2W0MGE-CKLzFCOymXqzTIS55Wotl5CHAp0NQbHZ6lCGsvQHU8Z6hpLLgz-RiQnLg3qGKvyZtF0aZx6x4tBS4OWwIEX-KoobOsRnijx3dA7FRCebjryxywLtKTUperXf1nCZCQF0nG9QOW J0tnGvoJIGo1WtH464JPJaXyZT1FHVvmOw9pdvLOFu33H6qaTJ VzyC7LyIEHGFGSXpBclweWho62Nks1UGwiDIo2rSmRDFMbkal3 D-4Pz4v8bEXkEPUQng; OGPC=5061451-2:5061821-6:873035776-6:807236608-1:; OGP=-5061451:-5061821:; CONSENT=YES+US.en+20170205-19-0; _ga=GA1.1.282654208.1487131261; SID=ZgQoVCyguOgGLHpvARuyX-vtA6vyJ4yEFf5NyVTXvr1ZciNd9_xlU4VVOGQTd46-1Wk7Tg.; HSID=Ae1blZ7UboHaBMAlA; SSID=AB52v6bMy-2EkofLH; APISID=n80mTK3bKNVnCcnD/AyRCDDkDadctMAEAX; SAPISID=_wAqM_DQq38gDQcp/A9jWzkVO4ITbHQ3eP; GMAIL_RTT=895; S=billing-ui-v3=wjxUkKgwa9UTMxoL-ik2A5M4KcPh6YUA:billing-ui-v3-efe=wjxUkKgwa9UTMxoL-ik2A5M4KcPh6YUA:quotestreamer=5WYvYeOd4VmZMYhjyx3M CQ
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/2.0 200 OK
Date: Fri, 03 Mar 2017 15:51:44 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=86400
Content-Encoding: gzip
Server: gws
Content-Length: 281
x-xss-protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="36,35,34"
X-Firefox-Spdy: h2
----------------------------------------------------------
https://en.wikipedia.org/wiki/Misfeasance

Are you looking at these headers through a browser extension, or sniffing TCP/IP packets? I suspect it's the former.

You do know that HTTPS is standard HTTP encrypted via TLS, right? So the browser will still send HTTP headers to the remote server.

Google is making you work to cover their own ass -- clever cunts

Pay me to set up a snort -- for GFY proof -- you are out of youR mind.

Prove it -- the FIRST connection is in plain text
between the browser and the client
with the FULL URL

maybe it is

31
down vote


New answer to old question, sorry. I thought I'd add my $.02

The OP asked if the headers were encrypted.

They are: in transit.

They are NOT: when not in transit.

So, your browser's URL (and title, in some cases) can display the querystring (which usually contain the most sensitive details) and some details in the header; the browser knows some header information (content type, unicode, etc); and browser history, password management, favorites/bookmarks, and cached pages will all contain the querystring. Server logs on the remote end can also contain querystring as well as some content details.

security - Are HTTPS headers encrypted? - Stack Overflow

who fucking cares if it is not confidential data the WHY THE FUCK does in matter?

You boss finds out you are wanking on the job? are you that gullible?

Jump for joy LMAO

Sorry I went off but Fuck Google and this https nonsense.

Should I give a fuck about protecting users from their governments knowing what porn they are watching?

Why should I have to work, at my expense, to protect internet users from their government's (or others ) intrusive behavior? I can not think of any good reason.
So I can get school kids on our adult websites safely? How is that going to make me any money?
Fuck Google