Speaking of which, why don't you have redirection so that all traffic recognized on http goes to https?
This should not be too much of a request, and you would avoid a "dead" link to your site.
Yep. There is a very good reason to block all HTTP traffic; it's been in there since day one and it's there to protect users' privacy.
Let's say a user pasted into their browser "anonymixer.com/trade/52691ba2-5d5f-4c25-a50a-fae4a49441ed" and pressed go. Yeah sure, we could respond with a simple Upgrade Header and send the user over to the HTTPS version of the website, but they've already potentially destroyed their privacy.
They just informed their ISP and any other potential eavesdropper of their Trade ID (it was sent in the unencrypted HTTP GET request). The ISP/Eavesdropper can then navigate to that trade and see all details, all deposit addresses, all output addresses, the current status of the Trade, etc.
By enforcing HTTPS only, this information can never be leaked to eavesdroppers. HTTPS in this case means true end-to-end encryption with Anonymixer's Server. The same cannot be said for others because they use Cloudflare/DDoS-Guard as middlemen, who are able to listen in on ALL traffic (including HTTPS) as it is the middlemen/DDoS providers who decrypt it.
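The sequence described in the reply above, as an added example that is not part of the original thread: a loopback-only sketch in which a relay stands in for the on-path observer and a redirecting listener stands in for a port-80 server. The host name `example.test` and all function names are assumptions made for illustration; the path is the one quoted in the post.

```python
import socket
import threading

TRADE_PATH = "/trade/52691ba2-5d5f-4c25-a50a-fae4a49441ed"  # path quoted in the post

def _listener():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))  # loopback only, OS-assigned port
    s.listen(1)
    return s

def _redirect_once(srv):
    """Port-80 style server: reads the request, then answers 301 to HTTPS."""
    conn, _ = srv.accept()
    with conn:
        path = conn.recv(4096).split(b" ")[1].decode()
        conn.sendall(("HTTP/1.1 301 Moved Permanently\r\n"
                      f"Location: https://example.test{path}\r\n"
                      "Content-Length: 0\r\nConnection: close\r\n\r\n").encode())

def _observe_once(tap, upstream_port, seen):
    """Stands in for the ISP: relays one exchange and records the client bytes."""
    client, _ = tap.accept()
    with client, socket.create_connection(("127.0.0.1", upstream_port)) as up:
        data = client.recv(4096)
        seen.append(data)          # what a passive observer gets to keep
        up.sendall(data)
        client.sendall(up.recv(4096))

def first_request_over_http(path=TRADE_PATH):
    """Return (bytes seen on the path, status line the client received)."""
    srv, tap, seen = _listener(), _listener(), []
    threads = [threading.Thread(target=_redirect_once, args=(srv,)),
               threading.Thread(target=_observe_once,
                                args=(tap, srv.getsockname()[1], seen))]
    for t in threads:
        t.start()
    with socket.create_connection(tap.getsockname()) as c:
        c.sendall(f"GET {path} HTTP/1.1\r\nHost: example.test\r\n\r\n".encode())
        status = c.recv(4096).split(b"\r\n")[0].decode()
    for t in threads:
        t.join()
    srv.close()
    tap.close()
    return seen[0], status

if __name__ == "__main__":
    wire, status = first_request_over_http()
    print(status)         # the client is redirected...
    print(wire.decode())  # ...but the path already crossed the wire in cleartext
```

The client does receive the redirect, yet the recorded bytes already contain the full request line, because the path has to be sent before the server can answer at all.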
icopress, is there any plan to mention Cloudflare/DDoS-Guard on this site as a thing?