Guiding principle: Browser upgrade prompts can be harmful

[aarongustafson]

We did this once before with WaSP and learned a lot from it. A bit of history:

• http://www.webstandards.org/action/previous-campaigns/buc/
• http://www.webstandards.org/action/previous-campaigns/buc/upgrade/

Some users have no control over their browser for a number of reasons. Just something to keep in mind.

[JDW1]

Something else to keep in mind...

Google gives preferences to HTTPS sites now, so more site owners aware of this are now seriously considering HTTPS, especially in light of free CA's like Let's Encrypt. When you move the HTTPS, like it or not, many older browsers are just not compatible if you use newer TLS versions, especially if those browsers are running on insecure OS's like WinXP. For example, IE8 running on WinXP-SP3 will issue a scary certificate warning, which gives the impression that your innocent and secure HTTPS site is anything but innocent or secure. So rather than leave such visitors with the wrong impression, regardless of whether they have control over the browser or not, it's probably best to route them to the Browser Update site.

[adamn]

It's best not to use the Browser upgrade concept ... unless you have to. We have a complex application that simply won't work for certain browsers and users need to know it early on or be supremely frustrated (i.e. users can't even register).

[JDW1]

I disagree based on the data and statistics I see from Google Analytics on my sites, which are mostly in Japanese, targeting an audience in Japan. One must choose to use HTTPS or not. These days, especially with Google giving the nod to HTTPS sites, it is only logical to use SSL. Once you do that, you have no choice but realize that MSIE on WinXP will cough up a scary certificate error. That's true even of IE9 on Vista. So do we appease those with ancient and unsafe browsers and AVOID using HTTPS on our sites? I say a firm "NO!" to that. Instead, I use .htaccess to sniff the browser and then redirect all older browsers which would cough up a cert error to a "modern browser download" page. I've been watching what has occurred over the months since I implemented that plan. Visitors to our site were previously already ditching IE (finally!) in favor of other browsers, but the pace accelerated when I implemented my .htaccess redirects. And the IE-holdouts who adore that browser decided it was time to update to IE11, since they have been updating their computers anyway (albeit, to old Win7, in most cases).

As of now, I see the following data on our web visitors:

IE (all versions): 33% Chrome: 22.78% Safari: 21.51% Android Webview: 6.69% Safari in-app: 5.5% Edge: 4.49% Firefox: 3.22%

And as of a couple months ago, IE7 and IE8 users finally dropped completely off the statistical chart, yielding the following IE usage:

IE 11: 92.33% IE 10: 4.6% IE 9: 3.07%

All said, I chose to use HTTPS. It would be foolish NOT to these days, especially with free SSL certs available from Let's Encrypt. And when one does that, one must decide which path would cause more user frustration: (1) no browser redirect that leaves users of older browsers with a scary certificate error that may drive them away from your site altogether, or (2) redirect old browsers incompatible with modern SSL standards to a browser update page. I choose (2) and have zero regrets. It's best for me, the sites I build, and for our web visitors too.

[marko-avlijas]

What's your point Aaron Gustafoson?

Isn't it better to let the users know that their browser is outdated than let them think that your site doesn't work? The more sites lets them know, the sooner they will upgrade.

Same goes for coorporate users who "can't" change their browser. They can but they won't. It isn't so hard to tell system admin to install latest chrome or firefox. And it's not hard to install it.

You bet if CEO was using IE8 and he/she got messages on every site he visited that their browser is outdated that company would quickly have a modern browser for all employees.

Additionally, we don't have unlimited time per website to make it it work and gracefully fall back to some browser made in 2001. We have to stop supporting some old browsers. How old is determined by what percentage of people are using the site through outdated browsers, how acceptable it is to lose them and how costly it is to support them. You need to balance time spent on building the site and your browser support.

Summary:

• coorporate users can change their browsers - they just won't
• there's nothing wrong in telling users they have outdated browser
• there is nothing wrong in not supporting old browsers - it has to be done
• the more often people with outdated browser get slightly annoying messages that their browser is too old, the sooner they will upgrade.