Skip to main content

Don't Force Your Readers To Use SSL

Some blog owners are very anxious to have their blogs accessible, using SSL protocol.

We see the occasional impassioned query, in Blogger Help Forum: Learn More About Blogger.
I added JavaScript code in my blog, to redirect from HTTP to HTTPS, since I want my users to view the blog in HTTPS.

I am concerned about indexing and Webmaster Tools. How do I move from HTTP to HTTPS? I would like my posts to be indexed, using HTTPS.

To make HTTPS / SSL work in Blogger blogs, Blogger Engineering changed all of the internal BlogSpot links from "http://" to "//".

Blogger links are now protocol relative.

The protocol relative URL ("//") lets Blogger code work for either "HTTP" or "HTTPS", depending upon how the reader is viewing each blog (such as yours). The canonical URL, for a blog offering SSL connectivity, will still use "HTTP" protocol - which gives each reader the choice - to use HTTP or HTTPS.

Many blogs published to "blogspot.com" will have content and links which reference other blogs, Internet services, and web sites that do not use SSL. When your readers surf your blog using SSL, links in your blog to "HTTP" content will subject them to "Mixed Content" alerts.

Your readers will be happier, given the choice to use HTTP or HTTPS.

With your blog offering SSL connectivity, your readers will have the choice to use "HTTPS" access (and ignore the "Mixed Content" alerts), or to use normal "HTTP" access. If you force everybody to use "HTTPS" - using unsupported custom code - you will be giving your readers only two choices.
  1. Avoid your blog, and surf as they need.
  2. View your blog, be forced into "HTTPS" mode, and be subject to "Mixed Content" alerts.
Many readers will choose Door #1.

Your readers may see "Mixed Content" alerts, after surfing to your blog.

Your readers deserve the choice whether to surf in SSL Mode or not. Depending upon where they surf, after leaving your blog, they could be faced with a lot of "Mixed Content" alerts. If your blog forces them into SSL mode, and they have to deal with "Mixed Content" alerts after leaving your blog, they will learn to avoid your blog.

Some readers may not be able to use HTTPS, period.

All networks do not support SSL. SSL uses more resources - and must be configured, on some servers. My favourite diagnostic proxy, Rex Swain's HTTP Viewer, only supports HTTP connectivity.


Rex Swain HTTP Viewer - and some other proxy servers - do not support HTTPS.



Keep the advantages of SSL in perspective. SSL does not substitute for a properly designed layered security strategy - on your readers computers, or yours.

Give your readers the choice. Leave the Blogger code as protocol relative - instead of forcing SSL.

If you want the blog indexed using "HTTPS", setup an entry in Search Console, for the "HTTPS" alias.

Comments

Popular posts from this blog

What's The URL Of My Blog?

We see the plea for help, periodically I need the URL of my blog, so I can give it to my friends. Help! Who's buried in Grant's Tomb, after all? No Chuck, be polite. OK, OK. The title of this blog is "The Real Blogger Status", and the title of this post is "What's The URL Of My Blog?".

Add A Custom Redirect, If You Change A Post URL

When you rename a blog, the most that you can do, to keep the old URL useful, is to setup a stub post , with a clickable link to the new URL. Yo! The blog is now at xxxxxxx.blogspot.com!! Blogger forbids gateway blogs, and similar blog to blog redirections . When you rename a post, you can setup a custom redirect - and automatically redirect your readers to the post, under its new URL. You should take advantage of this option, if you change a post URL.

Adding A Link To Your Blog Post

Occasionally, you see a very odd, cryptic complaint I just added a link in my blog, but the link vanished! No, it wasn't your imagination.