Please enable HSTS to avoid sslstrip or a MITM replacing the http page.https://en.wikipedia.org/wiki/HTTP_Strict_Transport_SecurityWith PHP check if the page is been served in HTTP, if so redirect to HTTPS.
In HTTPS set the HSTS header:
header("strict-transport-security: max-age=31536000");
(Example implementation in PHP).
That tells the browser to only use the HTTPS versión of blockchain.info for a year (31536000 seconds).
So, my browser will go directly to https even if I have no internet conection.
Thanks.