FlyOrDie.com Not Using HTTPS

Hi everyone,

Just a heads-up: when I log into flyordie.com, my browser gives a security warning saying the connection is not secure. It specifically says the site doesn’t support HTTPS, meaning any information sent (like usernames or passwords) could potentially be seen or intercepted by others.

I've attached screenshots showing the warning messages from Chrome.

This is a serious issue because without HTTPS, there’s no encryption between the user and the server. I’d recommend avoiding logging in or sharing any sensitive info on the site until they fix this.

Hopefully the site admins can upgrade to HTTPS soon—it’s 2025, and secure connections should be standard by now.

See images

https://ibb.co/DHH2KWJf

https://ibb.co/0Ryx9VtC



Im using Chrome 138 on Windows 11

I do not have a disconnection issue.

Edited by masterkiller

masterkiller

OP

Hi again,

Just following up on the security issue I reported with FlyOrDie's login page not being secure (no HTTPS).

The good news is — this is easy to fix, and there are free tools available. Here are a few ways the FlyOrDie team can solve this:

✅ 1. Use Let’s Encrypt (Free HTTPS Certificates)
Website:

https://letsencrypt.org



Let’s Encrypt gives completely free SSL certificates so the site can use https:// instead of http://

It’s supported by every major browser

Most servers can install and renew these automatically using a tool called Certbot:

https://certbot.eff.org/



✅ 2. Secure the Entire Site (Not Just the Homepage)
Right now, the main site (

https://www.flyordie.com)

 is secure. But the game pages and login forms are not.

The entire site should be served over HTTPS, including login screens and games.

✅ 3. Redirect All HTTP Pages to HTTPS
If someone visits

http://flyordie.com

 or a game page using http://, the server should automatically redirect them to the secure https:// version.

This is easy to do in server settings using .htaccess (on Apache) or config files (on Nginx).

✅ 4. Use a Proxy or Cloudflare to Help
If older systems make this hard, FlyOrDie can use a reverse proxy (like Nginx) to add HTTPS in front of the existing system.

Or they can use Cloudflare (

https://www.cloudflare.com)

, which offers free SSL and protects the whole site.

Bottom line:
There’s no reason not to secure the login page in 2025. HTTPS protects users from having their usernames and passwords stolen — especially when using public Wi-Fi.

I hope the team takes this seriously. It’s not expensive. It’s not complicated. And it's 100% doable with modern tools.

Thanks.