HTTP links: avoid 301 redirects to HTTPS #11343
Labels
c: Website matomo.org
For issues related to our matomo.org website.
not-in-changelog
For issues or pull requests that should not be included in our release changelog on matomo.org.
Milestone
A lot of links are still on http. Many of them get 301-redirected to https. Which is good: The 301-redirect should remain, to not break existing links somewhere in the wild.
But on web pages hosted by piwik, piwik should migrate the links to https, so that users get to the https version without being 301-redirected.
Reason:
Security: 301-redirects are requests which are requested and responded via http. Which is unencrypted, and more important, not safe against manipulation and not authenticating the server. E.g. MITM can manipulate the target URL to something phishy.
Performance: Reducing the number of 301-redirects which are actually executed every day improves the performance of a web page (saves a round trip for each and every 301 redirect). Performance is not the main point for me, just nice to have.
Now that piwik already 301-redirects most of its http links to https, a link checker can be taken to analyze all these 301-redirects and fix them to https where possible. That should work for all links to https-only web sites (including external links like e.g. links to twitter).
First impression: https://validator.w3.org/checklink?uri=https%3A%2F%2Fpiwik.org&hide_type=all&recursive=on&depth=5&check=Check
This issue is a follow-up to #8236
The text was updated successfully, but these errors were encountered: