Forums Secure/Not Secure

This is kinda random, but I was wondering how the forums decide if they wanna be secure or not secure. Like earlier it was secure, currently it is not secure, when I reload the page it’ll be secure again. Why does it work like that?

Also, because I have no clue, what does it being not secure do vs being secure?

Are you talking about HTTPS? You can only load the forums over HTTPS - the HTTP version serves up a 301 redirect to the HTTPS version, per best practices, so it should never say “Not Secure”.

It sounds like you have something on your side interfering with TLS - possibly mixed content or something being loaded by third-party extensions - that’s making your browser flag it as not secure. I’d take a look at the padlock (and maybe the security details in dev tools, depending on your browser) and see why it’s getting flagged as such, because that’s potentially indicative of malware hijacking your data - and would be real bad if it were to happen to, say, a banking website.


Oh, I only answered one of your questions. Browsers show “not secure” for a variety of reasons, and they’ve changed over the years to try and help shape user behavior in the event of an insecure connection. HTTPS is encrypted web traffic (as opposed to HTTP, which is not) and runs over TLS (transport layer security), which is the modern version of SSL (secure socket layer), which everyone’s heard of. So, at a base level, you’ll get a padlock (or “Secure”) if it’s over HTTPS and no padlock/an open padlock/Not Secure if it’s loaded over HTTP. Most of the time, websites that offer an encrypted connection (which is most websites nowadays) will automatically redirect you to the HTTPS version if your browser attempts to load the HTTP version of a page.

Now, there are plenty of reasons that, even loading a page over HTTPS, you could get a security warning. Other than an expired or otherwise invalid security certificate - or your computer’s date being wrong enough that it thinks the cert is expired - if the page loads some content over HTTP, your browser will display a warning indicating that it’s not secure, because this “mixed content” could potentially be interfered with, and affect the entire page’s security. Browsers will also issue warnings if the connection is using outdated or insecure encryption algorithms, has a non-compliant certificate, or has a certificate not trusted by your computer.

For the certificate validity issues, it’s worth noting that the connection is still encrypted, however the browser cannot verify that the remote server (the site you’re connecting to) is the correct one, or if there’s a “man in the middle” (MITM) that’s pretending to be the website, intercepting the traffic, and then forwarding it along to the real website, and likewise intercepting and forwarding along the traffic back to you. In such an event, even though it’s encrypted, the browser will indicate that the connection is not secure because someone could be potentially intercepting and/or modifying the data in either direction, unbeknownst to you.