Google https pandemia give a chance for http sites - GoFuckYourself.com

Odysseus · 03-03-2017, 05:02 AM

SE traffic is growing on my http sites. Looks like competitors who started migration to https created a lot of mistakes and problems when switch sites to https, lost SEO scores and lost good index positions.

wehateporn · 03-03-2017, 05:10 AM

Nice while it lasts

nico-t · 03-03-2017, 05:31 AM

sites who switch to https that don't need https, but do it just because google says so, are retarded.

Slaves of google who change their sites whenever google hiccups... It's the most stupid thing you can do.

Odysseus · 03-03-2017, 05:40 AM

major site switch correctly http->https from first time is practically impossible

j3rkules · 03-03-2017, 05:57 AM

Quote:

Originally Posted by nico-t

sites who switch to https that don't need https, but do it just because google says so, are retarded.

Slaves of google who change their sites whenever google hiccups... It's the most stupid thing you can do.

I agree with most of that. I would say only sites like paysites need https.

Klen · 03-03-2017, 06:01 AM

Quote:

Originally Posted by j3rkules

I agree with most of that. I would say only sites like paysites need https.

Yep, or sites which have members. Adding https to free site would be completely stupid.

Barry-xlovecam · 03-03-2017, 06:11 AM

In HTTPS the requests for URLs are in plain text -- HTTPS only encrypts the data exchange.

Copyright infringing data (like tube videos) could not be sniffed and would fly under the radar. Illegal communication could not be sniffed by the NSA and other security agencies < heads into wehateporn territory.

rowan · 03-03-2017, 07:31 AM

Quote:

Originally Posted by Barry-xlovecam

In HTTPS the requests for URLs are in plain text -- HTTPS only encrypts the data exchange.

? The only thing a sniffer will see in plain text is the hostname when the browser supports SNI. Everything else, including the specific object request, is encrypted.

just a punk · 03-03-2017, 08:24 AM

Quote:

Originally Posted by Barry-xlovecam

In HTTPS the requests for URLs are in plain text -- HTTPS only encrypts the data exchange.

No. Only the domain will be seen, not the particular URLs. RTFM.

Barry-xlovecam · 03-03-2017, 08:36 AM

OK just the domain AFTER the First connection -- all the better to hide the pirate URI

This is just Google hiding its malfeasance, nonfeasance or misfeasance ... depends on your POV
[url]https://www.google.com/url?sa=t&rct=j&q
.....
=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=
0ahUKEwjF_d_-07rSAhXq44MKHS6FAM0QFggcMAA&

... url=http%3A%2F%2Fwww.gingersoftware.com%2Fenglish-online%2Fspelling-book%2Fconfusing-words%2Fmalfeasance-misfeasance-nonfeasance&usg=AFQjCNGrwWsioAsL0FLdUHX5h27RN3aICg &sig2=lhZXCElMsRIFjuybETtl3A

Mouse over the link ^^^ get it?
The redirect it NOT encrypted
I had to break it up

rowan · 03-03-2017, 08:46 AM

Google link starts with https, which means the redirect is encrypted... even if the destination site is not. I don't get your point.

Barry-xlovecam · 03-03-2017, 08:49 AM

---- sniffing packet headers is trivial------------------------------------------------------
https://www.google.com/url?sa=t&rct=...sRIFjuybETtl3A

GET /url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&u act=8&ved=0ahUKEwjF_d_-07rSAhXq44MKHS6FAM0QFggcMAA&url=http%3A%2F%2Fwww.gingersoftware.com%2Fenglish-online%2Fspelling-book%2Fconfusing-words%2Fmalfeasance-misfeasance-nonfeasance&usg=AFQjCNGrwWsioAsL0FLdUHX5h27RN3aICg&sig2=lhZXC ElMsRIFjuybETtl3A HTTP/1.1
Host: Google
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Cookie: NID=98=JOUZw9ThfqdCvjW7_4ngFA7WfZoYjjvxtnoXpmSOEuB C4Rbj5bM0BgO-Vr2BrncEpjB0byEe86eGRY1rDms3QxKIzk0vwsJDwf7F4_5Zd3 PY4q32H4Rxw_YxJWNHy99SgK6uzj9zc2W0MGE-CKLzFCOymXqzTIS55Wotl5CHAp0NQbHZ6lCGsvQHU8Z6hpLLgz-RiQnLg3qGKvyZtF0aZx6x4tBS4OWwIEX-KoobOsRnijx3dA7FRCebjryxywLtKTUperXf1nCZCQF0nG9QOW J0tnGvoJIGo1WtH464JPJaXyZT1FHVvmOw9pdvLOFu33H6qaTJ VzyC7LyIEHGFGSXpBclweWho62Nks1UGwiDIo2rSmRDFMbkal3 D-4Pz4v8bEXkEPUQng; OGPC=5061451-2:5061821-6:873035776-6:807236608-1:; OGP=-5061451:-5061821:; CONSENT=YES+US.en+20170205-19-0; _ga=GA1.1.282654208.1487131261; SID=ZgQoVCyguOgGLHpvARuyX-vtA6vyJ4yEFf5NyVTXvr1ZciNd9_xlU4VVOGQTd46-1Wk7Tg.; HSID=Ae1blZ7UboHaBMAlA; SSID=AB52v6bMy-2EkofLH; APISID=n80mTK3bKNVnCcnD/AyRCDDkDadctMAEAX; SAPISID=_wAqM_DQq38gDQcp/A9jWzkVO4ITbHQ3eP; GMAIL_RTT=895; S=billing-ui-v3=wjxUkKgwa9UTMxoL-ik2A5M4KcPh6YUA:billing-ui-v3-efe=wjxUkKgwa9UTMxoL-ik2A5M4KcPh6YUA:quotestreamer=5WYvYeOd4VmZMYhjyx3M CQ
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/2.0 200 OK
Date: Fri, 03 Mar 2017 15:42:41 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=86400
Content-Encoding: gzip
Server: gws
Content-Length: 319
x-xss-protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="36,35,34"
X-Firefox-Spdy: h2

Barry-xlovecam · 03-03-2017, 08:53 AM

https://www.google.com/url?sa=t&rct=...t-gTGofWfUBkkQ

GET /url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0ahUK EwjF_d_-07rSAhXq44MKHS6FAM0QFggiMAE&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FMisfeasance&usg=AFQjCNFxl4FRQV6DJdxJKgfle_VvuSp3Fw&sig2=dxXJr LE_t-gTGofWfUBkkQ HTTP/1.1
Host: Google
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Cookie: NID=98=JOUZw9ThfqdCvjW7_4ngFA7WfZoYjjvxtnoXpmSOEuB C4Rbj5bM0BgO-Vr2BrncEpjB0byEe86eGRY1rDms3QxKIzk0vwsJDwf7F4_5Zd3 PY4q32H4Rxw_YxJWNHy99SgK6uzj9zc2W0MGE-CKLzFCOymXqzTIS55Wotl5CHAp0NQbHZ6lCGsvQHU8Z6hpLLgz-RiQnLg3qGKvyZtF0aZx6x4tBS4OWwIEX-KoobOsRnijx3dA7FRCebjryxywLtKTUperXf1nCZCQF0nG9QOW J0tnGvoJIGo1WtH464JPJaXyZT1FHVvmOw9pdvLOFu33H6qaTJ VzyC7LyIEHGFGSXpBclweWho62Nks1UGwiDIo2rSmRDFMbkal3 D-4Pz4v8bEXkEPUQng; OGPC=5061451-2:5061821-6:873035776-6:807236608-1:; OGP=-5061451:-5061821:; CONSENT=YES+US.en+20170205-19-0; _ga=GA1.1.282654208.1487131261; SID=ZgQoVCyguOgGLHpvARuyX-vtA6vyJ4yEFf5NyVTXvr1ZciNd9_xlU4VVOGQTd46-1Wk7Tg.; HSID=Ae1blZ7UboHaBMAlA; SSID=AB52v6bMy-2EkofLH; APISID=n80mTK3bKNVnCcnD/AyRCDDkDadctMAEAX; SAPISID=_wAqM_DQq38gDQcp/A9jWzkVO4ITbHQ3eP; GMAIL_RTT=895; S=billing-ui-v3=wjxUkKgwa9UTMxoL-ik2A5M4KcPh6YUA:billing-ui-v3-efe=wjxUkKgwa9UTMxoL-ik2A5M4KcPh6YUA:quotestreamer=5WYvYeOd4VmZMYhjyx3M CQ
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/2.0 200 OK
Date: Fri, 03 Mar 2017 15:51:44 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=86400
Content-Encoding: gzip
Server: gws
Content-Length: 281
x-xss-protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="36,35,34"
X-Firefox-Spdy: h2
----------------------------------------------------------
https://en.wikipedia.org/wiki/Misfeasance

rowan · 03-03-2017, 08:54 AM

Are you looking at these headers through a browser extension, or sniffing TCP/IP packets? I suspect it's the former.

You do know that HTTPS is standard HTTP encrypted via TLS, right? So the browser will still send HTTP headers to the remote server.

Barry-xlovecam · 03-03-2017, 08:55 AM

Google is making you work to cover their own ass -- clever cunts

Barry-xlovecam · 03-03-2017, 08:56 AM

Quote:

Originally Posted by Barry-xlovecam

Google is making you work to cover their own ass -- clever cunts

Pay me to set up a snort -- for GFY proof -- you are out of youR mind.

Barry-xlovecam · 03-03-2017, 09:08 AM

Prove it -- the FIRST connection is in plain text
between the browser and the client
with the FULL URL

maybe it is

31
down vote

New answer to old question, sorry. I thought I'd add my $.02

The OP asked if the headers were encrypted.

They are: in transit.

They are NOT: when not in transit.

So, your browser's URL (and title, in some cases) can display the querystring (which usually contain the most sensitive details) and some details in the header; the browser knows some header information (content type, unicode, etc); and browser history, password management, favorites/bookmarks, and cached pages will all contain the querystring. Server logs on the remote end can also contain querystring as well as some content details.

security - Are HTTPS headers encrypted? - Stack Overflow

who fucking cares if it is not confidential data the WHY THE FUCK does in matter?

You boss finds out you are wanking on the job? are you that gullible?

Jump for joy LMAO

Barry-xlovecam · 03-03-2017, 10:01 AM

Sorry I went off but Fuck Google and this https nonsense.

Should I give a fuck about protecting users from their governments knowing what porn they are watching?

Why should I have to work, at my expense, to protect internet users from their government's (or others ) intrusive behavior? I can not think of any good reason.
So I can get school kids on our adult websites safely? How is that going to make me any money?
Fuck Google

03-03-2017, 05:02 AM	#1
Odysseus Confirmed User Industry Role: Join Date: Apr 2005 Location: www.gfy.com Posts: 745	Google https pandemia give a chance for http sites SE traffic is growing on my http sites. Looks like competitors who started migration to https created a lot of mistakes and problems when switch sites to https, lost SEO scores and lost good index positions.

03-03-2017, 05:10 AM	#2
wehateporn Promoting Debate on GFY Industry Role: Join Date: Apr 2007 Posts: 27,172	Nice while it lasts __________________ Sexy Girls Teasing

03-03-2017, 08:49 AM	#12
Barry-xlovecam It's 42 Industry Role: Join Date: Jun 2010 Location: Global Posts: 18,083	In case there are ANY questions ---- sniffing packet headers is trivial------------------------------------------------------ https://www.google.com/url?sa=t&rct=...sRIFjuybETtl3A GET /url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&u act=8&ved=0ahUKEwjF_d_-07rSAhXq44MKHS6FAM0QFggcMAA&url=http%3A%2F%2Fwww.gingersoftware.com%2Fenglish-online%2Fspelling-book%2Fconfusing-words%2Fmalfeasance-misfeasance-nonfeasance&usg=AFQjCNGrwWsioAsL0FLdUHX5h27RN3aICg&sig2=lhZXC ElMsRIFjuybETtl3A HTTP/1.1 Host: Google User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.google.com/ Cookie: NID=98=JOUZw9ThfqdCvjW7_4ngFA7WfZoYjjvxtnoXpmSOEuB C4Rbj5bM0BgO-Vr2BrncEpjB0byEe86eGRY1rDms3QxKIzk0vwsJDwf7F4_5Zd3 PY4q32H4Rxw_YxJWNHy99SgK6uzj9zc2W0MGE-CKLzFCOymXqzTIS55Wotl5CHAp0NQbHZ6lCGsvQHU8Z6hpLLgz-RiQnLg3qGKvyZtF0aZx6x4tBS4OWwIEX-KoobOsRnijx3dA7FRCebjryxywLtKTUperXf1nCZCQF0nG9QOW J0tnGvoJIGo1WtH464JPJaXyZT1FHVvmOw9pdvLOFu33H6qaTJ VzyC7LyIEHGFGSXpBclweWho62Nks1UGwiDIo2rSmRDFMbkal3 D-4Pz4v8bEXkEPUQng; OGPC=5061451-2:5061821-6:873035776-6:807236608-1:; OGP=-5061451:-5061821:; CONSENT=YES+US.en+20170205-19-0; _ga=GA1.1.282654208.1487131261; SID=ZgQoVCyguOgGLHpvARuyX-vtA6vyJ4yEFf5NyVTXvr1ZciNd9_xlU4VVOGQTd46-1Wk7Tg.; HSID=Ae1blZ7UboHaBMAlA; SSID=AB52v6bMy-2EkofLH; APISID=n80mTK3bKNVnCcnD/AyRCDDkDadctMAEAX; SAPISID=_wAqM_DQq38gDQcp/A9jWzkVO4ITbHQ3eP; GMAIL_RTT=895; S=billing-ui-v3=wjxUkKgwa9UTMxoL-ik2A5M4KcPh6YUA:billing-ui-v3-efe=wjxUkKgwa9UTMxoL-ik2A5M4KcPh6YUA:quotestreamer=5WYvYeOd4VmZMYhjyx3M CQ Connection: keep-alive Upgrade-Insecure-Requests: 1 HTTP/2.0 200 OK Date: Fri, 03 Mar 2017 15:42:41 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=86400 Content-Encoding: gzip Server: gws Content-Length: 319 x-xss-protection: 1; mode=block Alt-Svc: quic=":443"; ma=2592000; v="36,35,34" X-Firefox-Spdy: h2

03-03-2017, 05:31 AM	#3
nico-t emperor of my world Join Date: Aug 2004 Location: nethalands Posts: 29,904	sites who switch to https that don't need https, but do it just because google says so, are retarded. Slaves of google who change their sites whenever google hiccups... It's the most stupid thing you can do.

03-03-2017, 05:40 AM	#4
Odysseus Confirmed User Industry Role: Join Date: Apr 2005 Location: www.gfy.com Posts: 745	major site switch correctly http->https from first time is practically impossible

03-03-2017, 06:11 AM	#7
Barry-xlovecam It's 42 Industry Role: Join Date: Jun 2010 Location: Global Posts: 18,083	In HTTPS the requests for URLs are in plain text -- HTTPS only encrypts the data exchange. Copyright infringing data (like tube videos) could not be sniffed and would fly under the radar. Illegal communication could not be sniffed by the NSA and other security agencies < heads into wehateporn territory.

03-03-2017, 08:36 AM	#10
Barry-xlovecam It's 42 Industry Role: Join Date: Jun 2010 Location: Global Posts: 18,083	OK just the domain AFTER the First connection -- all the better to hide the pirate URI This is just Google hiding its malfeasance, nonfeasance or misfeasance ... depends on your POV [url]https://www.google.com/url?sa=t&rct=j&q ..... =&esrc=s&source=web&cd=1&cad=rja&uact=8&ved= 0ahUKEwjF_d_-07rSAhXq44MKHS6FAM0QFggcMAA& ... url=http%3A%2F%2Fwww.gingersoftware.com%2Fenglish-online%2Fspelling-book%2Fconfusing-words%2Fmalfeasance-misfeasance-nonfeasance&usg=AFQjCNGrwWsioAsL0FLdUHX5h27RN3aICg &sig2=lhZXCElMsRIFjuybETtl3A Mouse over the link ^^^ get it? The redirect it NOT encrypted I had to break it up

03-03-2017, 08:46 AM	#11
rowan Too lazy to set a custom title Join Date: Mar 2002 Location: Australia Posts: 17,373	Google link starts with https, which means the redirect is encrypted... even if the destination site is not. I don't get your point.

03-03-2017, 08:53 AM	#13
Barry-xlovecam It's 42 Industry Role: Join Date: Jun 2010 Location: Global Posts: 18,083	https://www.google.com/url?sa=t&rct=...t-gTGofWfUBkkQ GET /url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0ahUK EwjF_d_-07rSAhXq44MKHS6FAM0QFggiMAE&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FMisfeasance&usg=AFQjCNFxl4FRQV6DJdxJKgfle_VvuSp3Fw&sig2=dxXJr LE_t-gTGofWfUBkkQ HTTP/1.1 Host: Google User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.google.com/ Cookie: NID=98=JOUZw9ThfqdCvjW7_4ngFA7WfZoYjjvxtnoXpmSOEuB C4Rbj5bM0BgO-Vr2BrncEpjB0byEe86eGRY1rDms3QxKIzk0vwsJDwf7F4_5Zd3 PY4q32H4Rxw_YxJWNHy99SgK6uzj9zc2W0MGE-CKLzFCOymXqzTIS55Wotl5CHAp0NQbHZ6lCGsvQHU8Z6hpLLgz-RiQnLg3qGKvyZtF0aZx6x4tBS4OWwIEX-KoobOsRnijx3dA7FRCebjryxywLtKTUperXf1nCZCQF0nG9QOW J0tnGvoJIGo1WtH464JPJaXyZT1FHVvmOw9pdvLOFu33H6qaTJ VzyC7LyIEHGFGSXpBclweWho62Nks1UGwiDIo2rSmRDFMbkal3 D-4Pz4v8bEXkEPUQng; OGPC=5061451-2:5061821-6:873035776-6:807236608-1:; OGP=-5061451:-5061821:; CONSENT=YES+US.en+20170205-19-0; _ga=GA1.1.282654208.1487131261; SID=ZgQoVCyguOgGLHpvARuyX-vtA6vyJ4yEFf5NyVTXvr1ZciNd9_xlU4VVOGQTd46-1Wk7Tg.; HSID=Ae1blZ7UboHaBMAlA; SSID=AB52v6bMy-2EkofLH; APISID=n80mTK3bKNVnCcnD/AyRCDDkDadctMAEAX; SAPISID=_wAqM_DQq38gDQcp/A9jWzkVO4ITbHQ3eP; GMAIL_RTT=895; S=billing-ui-v3=wjxUkKgwa9UTMxoL-ik2A5M4KcPh6YUA:billing-ui-v3-efe=wjxUkKgwa9UTMxoL-ik2A5M4KcPh6YUA:quotestreamer=5WYvYeOd4VmZMYhjyx3M CQ Connection: keep-alive Upgrade-Insecure-Requests: 1 HTTP/2.0 200 OK Date: Fri, 03 Mar 2017 15:51:44 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=86400 Content-Encoding: gzip Server: gws Content-Length: 281 x-xss-protection: 1; mode=block Alt-Svc: quic=":443"; ma=2592000; v="36,35,34" X-Firefox-Spdy: h2 ---------------------------------------------------------- https://en.wikipedia.org/wiki/Misfeasance

03-03-2017, 08:54 AM	#14
rowan Too lazy to set a custom title Join Date: Mar 2002 Location: Australia Posts: 17,373	Are you looking at these headers through a browser extension, or sniffing TCP/IP packets? I suspect it's the former. You do know that HTTPS is standard HTTP encrypted via TLS, right? So the browser will still send HTTP headers to the remote server.

03-03-2017, 08:55 AM	#15
Barry-xlovecam It's 42 Industry Role: Join Date: Jun 2010 Location: Global Posts: 18,083	Google is making you work to cover their own ass -- clever cunts

03-03-2017, 09:08 AM	#17
Barry-xlovecam It's 42 Industry Role: Join Date: Jun 2010 Location: Global Posts: 18,083	Prove it -- the FIRST connection is in plain text between the browser and the client with the FULL URL maybe it is 31 down vote New answer to old question, sorry. I thought I'd add my $.02 The OP asked if the headers were encrypted. They are: in transit. They are NOT: when not in transit. So, your browser's URL (and title, in some cases) can display the querystring (which usually contain the most sensitive details) and some details in the header; the browser knows some header information (content type, unicode, etc); and browser history, password management, favorites/bookmarks, and cached pages will all contain the querystring. Server logs on the remote end can also contain querystring as well as some content details. security - Are HTTPS headers encrypted? - Stack Overflow who fucking cares if it is not confidential data the WHY THE FUCK does in matter? You boss finds out you are wanking on the job? are you that gullible? Jump for joy LMAO

03-03-2017, 10:01 AM	#18
Barry-xlovecam It's 42 Industry Role: Join Date: Jun 2010 Location: Global Posts: 18,083	Sorry I went off but Fuck Google and this https nonsense. Should I give a fuck about protecting users from their governments knowing what porn they are watching? Why should I have to work, at my expense, to protect internet users from their government's (or others ) intrusive behavior? I can not think of any good reason. So I can get school kids on our adult websites safely? How is that going to make me any money? Fuck Google