

Namecheap fails to use HTTPS with Credit Card information - Sami_Lehtinen
https://plus.google.com/106938703242944328523/posts/bukuS1ZT4sG

======
chrislaco
I just logged in and added something to my cart. The cart was in https. And
clicking of the checkout, express, or credit card related buttons yields https
pages.

I'm guessing something less sinister, like a missed [https://](https://) in a
link somewhere.

~~~
Sami_Lehtinen
Maybe the should make user cookies HTTPS only, and use HSTS. Sites with
"private" information shouldn't allow plain http access at all, afaik.

Anyway, isn't it just the classic way of doing it. "Big note on front page
saying, that we're having trouble with out SSL cert and then saying that it's
ok to login without." ;) Yet another reason why SQRLs "domain name" site
authentication isn't a good idea.

Btw. I have heard even from credit card processors the same story. Oh, our API
SSL cert expired, it's totally ok to to change settings that it's ignored.
(duh!)

------
chrislaco
Possibly:
[http://status.namecheap.com/?p=13788](http://status.namecheap.com/?p=13788)

