On October 03, Google posted a notification about an important upcoming update to Google Chrome. In their Google Security Blog, they announced a security update that will impact websites that have not correctly converted their sites to HTTPS.
Google and the rest of the web have been moving toward this change for years. Google first recommended that sites switch to HTTPS back in 2014. The transition began with a few major e-commerce pages. But over the past five years, Google has created incentives to encourage more sites to make the switch—and it worked.
Chrome users now spend about 90 percent of their browsing time on HTTPS platforms, and this transition has led to a more secure and safe Internet experience. As Chrome 79 fades out and Chrome 80 enters the ring, Google is planning to take final steps in improving user privacy and security.
What Is the Difference Between HTTPS and HTTP?
To understand how this Google update will affect you, your business, and visitors to your website, you first have to understand the difference between HTTPS and HTTP. Since the beginning of the Internet, websites have used HTTP to transfer data from a web server to a browser. It’s what allowed Internet users to load webpages, and it contributed to exponential online growth.
So what’s the problem? HTTP served Internet users well for a decade or two, but the more society relied on the Internet, the more problems were uncovered. The biggest of those problems is that HTTP protocol does not protect the information that flows between server and browser. The data is not encrypted, and it’s vulnerable to attack.
The solution to this problem is HTTPS. This advanced protocol uses a secure socket layer certificate to protect information sent between server and browser. The encrypted connection protects sensitive information from being stolen and also safeguards user privacy. This is especially important for any site that collects things like passwords, credit card numbers, birthdates, social security numbers, or any other information that could be dangerous in the wrong hands.
The Issue of Mixed Content
At Google’s recommendation, most websites have made the switch to HTTPS. This has greatly enhanced the security of the Internet, but the upcoming Chrome update will address another issue related to what’s called “mixed content.”
Mixed content is when a HTTPS page includes HTTP resources. Google Chrome already automatically blocks some mixed content including scripts and iframes, but images, videos, charts, and audio loaded from an HTTP source are currently allowed to load. This creates a vulnerability within a secure website. HTTPS pages with mixed content are neither secure nor insecure, and Chrome 80 will take steps to address this issue.
What This Means for You
If your secure HTTPS webpage utilizes an HTTP resource (an image or video, for example), Google Chrome 80 will automatically upgrade that insecure resource to HTTPS. For some sites, this may work seamlessly to help reduce breakage. But if the server fails to load the resource over HTTPS, it will be blocked, and the page will fail to load correctly.
For websites that are not secure and only utilize HTTP, you will not have to worry about this change having an impact on your site’s ability to load. Your site, however, will remain insecure and suffer in Google search result rankings.
Should You Switch to a Secure Website?
The importance of having a secure website is not something new. Google has been pushing this for years. Secure websites are even given an extra boost when it comes to organic search results.
So far, Google has not noted that this change coming in early 2020 will have any impact on organic search. But even if it doesn’t happen immediately upon launch, there’s a good chance Google will eventually make that announcement. They want their browser to be as secure as possible, and they’re willing to use higher search ranking as a means to make that happen.
If you have not made the switch to HTTPS, now is a good time to do it. Making the switch now will ensure your site continues to load correctly within Google Chrome, and it might also help improve your organic presence and drive more traffic to your site.
Your Next Steps
If you have a secure website and are worried that you may have issues once Google implements their newest update, a security audit should be your next step.
A comprehensive security audit will evaluate your website’s security policies and controls while identifying potential threats and vulnerabilities. An audit can illuminate security threats that could put your business at risk, leave your customers vulnerable to attack, and prevent your page from loading correctly.
Once you have the necessary information about your site, you can make an informed decision on whether you need to directly address mixed content on your site. And if you still use the insecure HTTP protocol, a security audit will evaluate your level of risk and pinpoint exact vulnerabilities.
StepForth offers advanced audits that uncover issues related to a site’s security as well as important SEO factors. We take a complete and in-depth look at a website to ensure the structure and technology is not only search engine friendly but also optimized for the best organic reach.
Google Chrome will initiate its updates to eliminate mixed HTTP content starting December 2019 and will continue to make improvements throughout early 2020. It’s important for your website to keep up with these changes to provide visitors to your site with a seamlessly safe and secure experience.
Security is a huge part of a healthy website, and StepForth is here to keep your website in its best shape. Contact us today to schedule an advanced website audit or enlist our expert help in transitioning your website to the more secure HTTPS.