I came across ‘How to Deploy HTTPS Correctly’ written by Chris Palmer of the Electronic Frontier Foundation. Chris does a great job  explaining why web site operators should use HTTPS versus just HTTP. He points out a couple of good practices...