An Important Update

Dear Followers Of This Blog ...

If you did not use a Blogger / Google account when you Followed this blog, years ago, you are probably not Following now . During the past...

Thursday, May 05, 2016

HTTPS Availability For All "blogspot.com" Blogs

The rollout of SSL, for "blogspot.com" published blogs, continues.

All "blogspot.com" published blogs will now offer HTTPS connectivity, to the reader. The choice, offered to the blog owner, is now whether to force every reader to use SSL - and the dashboard option is now labeled "HTTPS Redirect".

You can force your readers to use SSL, to access your blog - but will that make them more secure?

Every blog will offer SSL connectivity, to readers who use "HTTPS:" URLs.


The dashboard option is now "HTTPS Redirect".




The choice is now whether to force "HTTPS:" upon each reader - or allow some to continue to read, using "HTTP:".



If you select HTTPS Redirect, you will be limiting your reader population.

Some readers access our blogs, by using free proxy servers - and most proxy servers, when they offer HTTPS, offer it as a premium (with a paid subscription). You are entitled to require everybody to use SSL, if you wish - but you may see reader activity drop, as readers using free proxies find other blogs and websites to read.


Everybody will see the "HTTPS:" alias - with "HTTPS Redirect" set to "Yes".



My personal favourite connectivity diagnostic tool, Rex Swain HTTP Viewer, won't work with blogs that only support "HTTPS:" connectivity.

http://www.rexswain.com/cgi-bin/httpview.cgi?url=http://nitecruzr-test-ssl.blogspot.com/&uag=Mozilla/5.0+(X11%3B+CrOS+armv7l+7834.70.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/49.0.2623.112+Safari/537.36&ref=http://www.rexswain.com/httpview.html&aen=&req=GET&ver=1.1&fmt=AUTO


No "HTTP:" diagnostics, for "HTTPS:" redirected blogs.



The "www" alias of a "blogspot.com" published blog will not work, using SSL.


Using the "www" alias, of a "blogspot.com" URL, will not work - with "HTTPS Redirect" set to "Yes".



Forcing SSL will not make your blogs readers more secure.

Use of "HTTPS Redirect", while nominally making your readers more secure, will limit access to your blog.

  • Readers, using proxy servers, may not be able to access your blog.
  • Diagnostics of blog problems, using proxy servers, will be limited.
  • Readers who bookmarked your blog, using the "www" alias, will not be able to access it.
  • Readers who are vulnerable to hijacking, when using "HTTP:", will not access your blog.

Offering SSL connectivity is good for everybody - but understand the limitations.

Enjoy offering SSL connectivity - and improved search engine reputation. But keep it in perspective.

People who explicitly use "HTTP:" to access your blog, and are vulnerable to hijacking, will see an imposters blog - even if your blog forces them to use SSL. Only people who explicitly use "HTTPS:", to access your blog, will predictably see your blog - and they won't benefit from being forced to use SSL.



As #Blogger continues the rollout of SSL to "blogspot.com" published blogs, they have changed the HTTPS option. All blogs which support SSL will offer "HTTPS:" connectivity, and the option will be to allow explicit access, using "HTTP:".

You may do well to consider what benefits you get, from forcing your readers to use SSL to access your blog.

Dude, hit me with a comment!

G. B. Miller said...

Personally, I use the https only with Facebook. Otherwise, I try to make things as easy as possible for my readers.

Chuck Croll said...

Hi G.B.,

Thanks for the feedback!

That makes sense - focus your efforts on specific targets. And, as I wrote just a few minutes ago, as you gain proficiency, use https: with more websites. Just change a bit at a time.

And wait for the next SSL upgrade, which will come soon enough.