I followed +Pierre Far and +Ilya Grigorik's advice: I purchased an SSL certificate and set up HTTPS + HSTS (http://en.wikipedia.org/wiki/Strict_Transport_Security) on my personal website, https://www.giacomopelagatti.it/, which now 301-redirects all HTTP requests to the corresponding HTTPS URLs, and issues the following response header:

Strict-Transport-Security: max-age=31536000; includeSubDomains

I did it mainly because I wanted to see how difficult it is to complete this task, from an average webmaster's point of view (okay, I'm probably not an "average" webmaster, but I got the idea). :)

From the start of the certificate purchase process to the end of the server-side configuration (including all necessary checks to verify that everything worked as it should), it took me about 1 hour. I guess the fact that my site runs on WordPress made some things much easier, although I used no plugins. After that, I added and verified the HTTPS version of my website in Google Webmaster Tools (and connected it to the corresponding Google Analytics property), submitted the new XML sitemap URL, and updated a couple of external links. This other stuff took me maybe another 10 minutes.

The SSL certificate cost me $9, from Namecheap.com.

What about you?

Are you going to make your site #securebydefault later this year, and if so, why? :)

At Google I/O earlier this week, +Ilya Grigorik and I talked about how to implement HTTPS on all your sites. We covered a ton of topics like why you need HTTPS, how to deploy it correctly in a way that doesn't impact website performance (we talked about HSTS, session resumption, SPDY, and more), and how to make sure your secure sites get indexed correctly (lots of indexing signals!). Check it out:

Google I/O 2014 - HTTPS Everywhere

We referenced some docs and tools. Here they are to dig into:

https://istlsfastyet.com/ (The answer is a resounding "yes")

and, of course, https://www.google.com/webmasters/tools/
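One way to script the post-deployment checks mentioned above (301 to the corresponding HTTPS URL, plus the HSTS header on the HTTPS response), as an added example that is not part of the original post. The function names, the example.test host and the response dictionaries are assumptions constructed for illustration; header lookups assume the exact header-name casing shown.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains).

    Follows RFC 6797 section 6.1: directives are ';'-separated, names are
    case-insensitive, max-age is required, and a repeated directive makes
    the whole header invalid (ValueError here).
    """
    seen = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue  # tolerate empty segments such as a trailing ';'
        if name in seen:
            raise ValueError("duplicate directive: " + name)
        seen[name] = arg.strip().strip('"')
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        raise ValueError("max-age missing or not a non-negative integer")
    return int(age), "includesubdomains" in seen

def audit(http_url, http_resp, https_resp, min_age=31536000):
    """Return a list of problems; an empty list means the setup matches the post's."""
    problems = []
    src = urlsplit(http_url)
    dst = urlsplit(http_resp["headers"].get("Location", ""))
    if http_resp["status"] != 301:
        problems.append("HTTP response is not a 301 redirect")
    if (dst.scheme, dst.netloc, dst.path) != ("https", src.netloc, src.path):
        problems.append("redirect does not point at the corresponding HTTPS URL")
    # Browsers ignore HSTS received over plain HTTP, so only the HTTPS response counts.
    hsts = https_resp["headers"].get("Strict-Transport-Security")
    if hsts is None:
        return problems + ["HTTPS response has no Strict-Transport-Security header"]
    try:
        max_age, subdomains = parse_hsts(hsts)
    except ValueError as exc:
        return problems + ["invalid HSTS header: " + str(exc)]
    if max_age < min_age:
        problems.append("max-age below %d seconds" % min_age)
    if not subdomains:
        problems.append("includeSubDomains not set")
    return problems

# Constructed sample responses (not captured from the real site).
GOOD_HTTP = {"status": 301, "headers": {"Location": "https://www.example.test/about/"}}
GOOD_HTTPS = {"status": 200, "headers": {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains"}}
```

The default min_age is the max-age value from the header quoted in the post (one year in seconds).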