Clicky has always had HTTPS support on the login and credit card pages (and of course for the tracking code on your site), but otherwise we weren’t allowing it. You may be thinking we were trying to save on performance, but that’s not the case – our load balancers have hardware HTTPS decoding so the penalty is negligible. No, the one major reason was because of Google.
The Google Maps javascript API that we were using (version 2) did not allow HTTPS without an enterprise account for the low low price of just $10,000/year. Including insecure items on a secure page isn’t a big deal of course… unless you’re an IE user, and 13% of our users are on IE. So it is in fact a big deal. We could always just exclude that feature for them, or only include it on the pages that require it, but those felt like cheap hacks. I wanted proper support for it.
One of the good things about working with other developers is they can tell you things you don’t know! We just hired three new developers, and I’ve been learning all sorts of amazing things from them. For example, just today, Mike told me that Google Maps API was now on version 3, and one of the amazing new features was full HTTPS support for no cost – not to mention no more API keys! How did I not know about this?!
So, I spent the last few hours converting our code to their new API, and now we have proper HTTPS for all of Clicky. We do require a Pro or higher account for this, but if you have one, your connection to our web site is now fully encrypted!
The last 6 weeks we’ve spent opening an office, interviewing a bunch of people, hiring three of them, and getting everyone up to speed on how Clicky works. This has been completely overwhelming, but we’re finally past all that and the future is looking bright. We went from just one developer, to four, so you can expect things to start moving a lot faster. Each one of them is already working on some great new features, all of which have been requested a million times and I can’t wait to get them into your hands.
I’ll write more about them and show off our new digs in a future post, but now, back to work!
Update May 19: We added a preference to disable this in your user preferences, if you don’t want it or it’s causing problems (e.g. firewall not allowing port 443). It’s on by default for all Pro+ users otherwise, though.
