Is an https:// connection always secure?

Posted: Mon Feb 22, 2010 1:40 am
by phule
Can a website direct you to a webpage that has an https:// connection and still be insecure? I've noticed that NS will not force such a website to be secure.

An example is Grandtea.com at http://www.grandtea.com/

Re: Is an https:// connection always secure?

Posted: Mon Feb 22, 2010 2:19 am
by Alan Baxter
Once you see https://www.grandtea.com in the url bar, your connection is encrypted and secure from eavesdropping.
Grandtea.com looks safe enough to me. It switches itself to https as soon as I select Checkout. That said, I was also able to successfully force https by adding the following to NoScript Options > Advanced > HTTPS > Behavior > Force the following sites to use secure connections:

www.grandtea.com
Edit: https as soon as I select Checkout

Re: Is an https:// connection always secure?

Posted: Mon Feb 22, 2010 3:12 am
by Alan Baxter
Alan Baxter wrote: Once you see https://www.grandtea.com in the url bar, your connection is encrypted and secure from eavesdropping.
Followup:
Apparently that's true only if the favicon turns blue or green too.
The Checkout page had an https connection and the blue favicon in the url bar. I think the blue favicon with grandtea.com in it indicates that all the content on the page was encrypted. But if I enter https://www.grandtea.com/ into the url bar, then the favicon doesn't change to blue. I clicked on the favicon and then clicked More Information to bring up the Page Info > Security information. Its technical details say that parts of the page I'm viewing are not encrypted. I think that's OK; they weren't sending me any information that needed to be encrypted.

Re: Is an https:// connection always secure?

Posted: Tue Feb 23, 2010 1:11 am
by phule
Alan Baxter wrote: Apparently that's true only if the favicon turns blue or green too.
The Checkout page had an https connection and the blue favicon in the url bar. I think the blue favicon with grandtea.com in it indicates that all the content on the page was encrypted. But if I enter https://www.grandtea.com/ into the url bar, then the favicon doesn't change to blue. I clicked on the favicon and then clicked More Information to bring up the Page Info > Security information. Its technical details say that parts of the page I'm viewing are not encrypted. I think that's OK; they weren't sending me any information that needed to be encrypted.
The favicon not changing color plus the padlock icon at the bottom of the window not "locking" is what made me suspicious. Thanks for clearing things up!

Re: Is an https:// connection always secure?

Posted: Tue Feb 23, 2010 3:57 am
by Alan Baxter
You're welcome. Happy shopping!

Re: Is an https:// connection always secure?

Posted: Tue Feb 23, 2010 6:54 am
by dhouwn
Alan Baxter wrote: I think that's OK; they weren't sending me any information that needed to be encrypted.
But you should be aware of the fact that this unencrypted information can be manipulated. HTTPS is not only about encryption.
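
The "parts of the page are not encrypted" state discussed in this thread is what browsers call mixed content. As an added example (not part of any post above), this Python script lists the subresources an HTTPS page would fetch over plain HTTP and separates active content, which can alter the whole page if modified in transit, from passive content; the page URL, sample HTML and shop.example host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# tag -> attribute that makes a browser fetch a subresource.
# Active content can change the whole page; passive content is only displayed.
ACTIVE = {"script": "src", "iframe": "src", "object": "data", "embed": "src"}
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            rel = (attrs.get("rel") or "").lower().split()
            if "stylesheet" not in rel and "icon" not in rel:
                return  # e.g. rel=canonical is not fetched as a subresource
            kind, ref = ("active" if "stylesheet" in rel else "passive"), attrs.get("href")
        elif tag in ACTIVE:
            kind, ref = "active", attrs.get(ACTIVE[tag])
        elif tag in PASSIVE:
            kind, ref = "passive", attrs.get(PASSIVE[tag])
        else:
            return
        # Relative and protocol-relative URLs inherit the page's https scheme.
        url = urljoin(self.page_url, ref or "")
        if urlparse(url).scheme == "http":
            self.findings.append((kind, tag, url))

def find_mixed_content(page_url, html):
    """Return subresources an HTTPS page would load over plain HTTP."""
    if urlparse(page_url).scheme != "https":
        raise ValueError("mixed content is only defined for HTTPS pages")
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample page; shop.example is a placeholder host.
SAMPLE = """<link rel="stylesheet" href="/css/site.css">
<script src="http://cdn.shop.example/menu.js"></script>
<img src="http://img.shop.example/banner.png">
<img src="//img.shop.example/logo.png">
<a href="http://shop.example/about">About</a>"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content("https://shop.example/", SAMPLE):
        print(f"{kind:8} <{tag}> {url}")
```

Ordinary links (`<a href>`) are not reported because they navigate away rather than load content into the HTTPS page.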