Why do People secure selective Pages only using SSL in their Websites?

When People buy SSL Certificates for their websites, they can use it for all Pages in the domain. Why then they use it for selective pages only.

Typically you will find that all E-Commerce Solutions like Magento, ZenCart etc will have settings for Secure Page and Insecure Page.

They will typically have their Checkout and Payment Processing related pages secured using https while all other parts of the site will remain insecure.

Does using SSL in all Pages has a Performance Overhead? As in the Load on Server will increase if you used SSL in all Pages?

How will a Customer, Vendor, Payment Processor gain Conf开发者_如何学Cidence in your site if you didn't use SSL in your Home Page? As they will probably land in your Home Page only.

---

While it's true that encrypting public information is not as valuable, it's not the case that it's worthless because it provide authenticity.

Consider the New York Times website. It's not encrypted because all the information is public. However, if you were to MITM the WiFi network at a major financial conference and inject stories about a market crash, that could be an effective attack against the authenticity of the page.

Additionally, if forms are on unencrypted pages then it hardly matters if they submit over HTTPS because the attacker can rewrite the action URL and the user is none the wiser.

---

Basically, you only need to use SSL when you post and get data from the server which are sensitive.

There is no benefits to be SSL on a static web site that only throw general and public information to the browser.

SSL encrypt the data on the Request and response so yes, your performance can suffer for nothing on the static part of your web site.