Chrome Bans Mixed Content: Make Sure Your Site Is Safe
Google has announced that its Chrome browser will soon begin blocking mixed content on web pages – this being scripts, images, audio, video and other content served by the insecure HTTP protocol on HTTPS pages.
If some of your website resources are loaded using HTTP, now is the time to upgrade to HTTPS or risk a sharp drop-off in traffic.
Google has been pushing HTTPS – websites with an added SSL certificate – in its search engine and browser for years to encourage adoption of the more secure protocol.
Google announced that HTTPS was a "lightweight" ranking factor in 2014, giving a slight SEO boost to secure pages. Meanwhile, Chrome has pushed developers to upgrade their sites by serving warnings to users in the address bar when non-secure content is present, making these sites appear untrustworthy.
Even if you have a secure HTTPS site, it could still feature some insecure HTTP resources – most often images, audio and video. These elements are vulnerable to attacks from hackers, who may alter the content or place tracking cookies and other malicious code to threaten site visitors. Unsecured resources can also be used as a backdoor to give hackers control of the whole page.
If your HTTPS site contains HTTP resources, this should already be flagged up when you load your pages on Chrome. From December, these warnings will escalate until non-HTTPS resources are blocked altogether beginning in February. This could mean losing images, video and other vital page elements.
If visitors are warned that your site isn't safe, they may not choose to proceed. Broken page elements could also prevent users from viewing and navigating your site properly, impacting on sales and ad views.
As a site owner, there are several ways to make sure your websites comply and avoid problems.
Google's push to HTTPS may be a hassle for site owners, but with cyberattacks now being one of the major threats to businesses of all sizes, making your site as secure as possible will lower the risks to your business and your customers, as well as keeping you on Google's good side.
If you need help upgrading your website to HTTPS or you want to create a new, secure website, contact Quantum today to find out how we can help your business.