[Cross-posted from the Google Security Blog]
HTTPS is fundamental to internet security; it protects the integrity and confidentiality of data sent between websites and visitors’ browsers. Last September, we began rolling out HTTPS support for blogspot domain blogs so you could try it out. Today, we’re launching another milestone: an HTTPS version for every blogspot domain blog. With this change, visitors can access any blogspot domain blog over an encrypted channel.
The HTTPS indicator in the Chrome browser |
As part of this launch, we’re removing the HTTPS Availability setting. Even if you did not previously turn on this setting, your blogs will have an HTTPS version enabled.
We’re also adding a new setting called HTTPS Redirect that allows you to opt-in to redirect HTTP requests to HTTPS. While all blogspot blogs will have an HTTPS version enabled, if you turn on this new setting, all visitors will be redirected to the HTTPS version of your blog at https://
The new HTTPS Redirect setting in the Blogger dashboard |
Please be aware that mixed content may cause some of your blog’s functionality not to work in the HTTPS version. Mixed content is often caused by incompatible templates, gadgets, or post content. While we’re proactively fixing most of these errors, some of them can only be fixed by you, the blog authors. To help spot and fix these errors, we recently released a mixed content warning tool that alerts you to possible mixed content issues in your posts, and gives you the option to fix them automatically before saving.
Existing links and bookmarks to your blogs are not affected by this launch, and will continue to work. Please note that blogs on custom domains will not yet have HTTPS support.
This update expands Google’s HTTPS Everywhere mission to all blogspot domain blogs. We appreciate your feedback and will use it to make future improvements.