My work over the past few years has landed me firmly in the encrypt all the things camp. Today, I’m flipping the switch on my personal site: davepeck.org now requires HTTPS.

Since my site is served via CloudFront, I opted to use SNI to save money; if you’re a Windows XP, IE 6, or Android 2.x user, you’ll be out of luck. I think that’s a fair trade.

To smooth the transition, I’ll keep an HTTP-to-HTTPS redirect live for the foreseeable future. Once CloudFront adds support, I plan to surface HSTS headers with far-future expiry.