Google launched an HTTPS version of every blog hosted on the Blogspot domain, which means that visitors can access the blogs over an encrypted channel.

As a part of a mission to have HTTPS everywhere, in September Google started to offer its bloggers a support for HTTPS on its Blogspot network, so the owners of the blog would migrate their sites to a more secure protocol.

Worklife Google Zurich Office
Photo: AP Photo/Keystone, Walter Bier, file

Now, the setting switch their site was removed, making it obligatory. Instead of having the option to make it available, blog owners will have to use an option called “HTTPS Redirect”, which will redirect the visitors automatically.

Blogs safety

Google decided to start working on this project to make blogs hosted on the Blogspot domain more secure, putting more control on the visitors.

Milinda Perera, a security software engineer at Google, wrote in a blog post that HTTPS is necessary to Internet security, because it protects the data’s integrity and confidentiality that is being sent between websites and the visitor’s browsers.

Even though Google is switching to a HTTPS by default, which is an opportunity for users to encrypt their traffic, blog owners can choose not to select the option and visitors will have the option to access a non-encrypted HTTP version of the sites.

Common errors

Google warned that this new feature could trigger some issues, which will be shown on some user’s browsers as an alert of mixed content. These errors might happen when a blog loads resources from other sites that do not use HTTPS, or when the content of the blog is being loaded in both HTTPS and HTTP connection.

Perera said that the mixed contents are being fixed by Google, but some other errors will have to be fixed by the blog owner. Google built a tool in the blogger’s editor that tells them when an issue is happening, before they post it, so they can fix it early.

Google said that the change will not affect existing links and bookmarks, as well as blogs on custom domains, since they will not yet receive HTTPS support.

Source: Engadget