An Important Update

Dear Followers Of This Blog ...

If you did not use a Blogger / Google account when you Followed this blog, years ago, you are probably not Following now . During the past...

Wednesday, December 09, 2015

Don't Force Your Readers To Use SSL

Some blog owners are very anxious to have their blogs accessible, using SSL protocol.

We see the occasional impassioned query, in Blogger Help Forum: Learn More About Blogger.
I added JavaScript code in my blog, to redirect from HTTP to HTTPS, since I want my users to view the blog in HTTPS.

I am concerned about indexing and Webmaster Tools. How do I move from HTTP to HTTPS? I would like my posts to be indexed, using HTTPS.

To make HTTPS / SSL work in Blogger blogs, Blogger Engineering changed all of the internal BlogSpot links from "http://" to "//".

Blogger links are now protocol relative.

The protocol relative URL ("//") lets Blogger code work for either "HTTP" or "HTTPS", depending upon how the reader is viewing each blog (such as yours). The canonical URL, for a blog offering SSL connectivity, will still use "HTTP" protocol - which gives each reader the choice - to use HTTP or HTTPS.

Many blogs published to "blogspot.com" will have content and links which reference other blogs, Internet services, and web sites that do not use SSL. When your readers surf your blog using SSL, links in your blog to "HTTP" content will subject them to "Mixed Content" alerts.

Your readers will be happier, given the choice to use HTTP or HTTPS.

With your blog offering SSL connectivity, your readers will have the choice to use "HTTPS" access (and ignore the "Mixed Content" alerts), or to use normal "HTTP" access. If you force everybody to use "HTTPS" - using unsupported custom code - you will be giving your readers only two choices.
  1. Avoid your blog, and surf as they need.
  2. View your blog, be forced into "HTTPS" mode, and be subject to "Mixed Content" alerts.
Many readers will choose Door #1.

Your readers may see "Mixed Content" alerts, after surfing to your blog.

Your readers deserve the choice whether to surf in SSL Mode or not. Depending upon where they surf, after leaving your blog, they could be faced with a lot of "Mixed Content" alerts. If your blog forces them into SSL mode, and they have to deal with "Mixed Content" alerts after leaving your blog, they will learn to avoid your blog.

Some readers may not be able to use HTTPS, period.

All networks do not support SSL. SSL uses more resources - and must be configured, on some servers. My favourite diagnostic proxy, Rex Swain's HTTP Viewer, only supports HTTP connectivity.


Rex Swain HTTP Viewer - and some other proxy servers - do not support HTTPS.



Keep the advantages of SSL in perspective. SSL does not substitute for a properly designed layered security strategy - on your readers computers, or yours.

Give your readers the choice. Leave the Blogger code as protocol relative - instead of forcing SSL.

If you want the blog indexed using "HTTPS", setup an entry in Search Console, for the "HTTPS" alias.

Dude, hit me with a comment!