Google Chrome Updates to Block Mixed/ Non-secure Resources
Google Chrome Updates to Block Mixed/ Non-secure Resources
If search engines recognize your website as secure, that means that you have purchased and installed an SSL certificate correctly. This certificate encrypts the site’s information that is sent between the browser and the web server. By encrypting the data, it jumbles up the code and user information. This means that people are unable to read and gather this information to steal or put malware on the website.
Google has really been the driving force behind sites going secure and now boasts that Chrome users browse secure sites 90% of the time. That is a huge change from even just a few years ago when being secure didn’t really matter for most websites. When most of the sites on Google’s search results pages went secure, this left a lot of sites with mixed content. Mixed content is when a site has both secure (HTTPS://) and non-secure (HTTP://) resources or links. Because secure sites are less vulnerable to hackers, Google is now introducing new Chrome updates over the next few months that will further push site owners to get rid of mixed content. This will make every user’s click and transaction more secure online.
Chrome Pushes Sites to Be Secure for Ranking Factor
Until August 2014, this SSL certificate was mainly purchased by ecommerce sites. That year, Google made it part of their ranking factor and said that if your site is secure, it will boost your site rankings. This was the main reason that people made their sites secure. If you did not have a secure site, it really started to drop off in rankings.
From this change back in 2014, Google has become more aggressive in discouraging non-secure websites. Chrome currently blocks non-secure scripts and iFrames (videos). Google is currently working on updates to further block more non-secure content with their newest versions of Chrome.
The new Chrome updates that will be introduced are gradually moving towards blocking all non-secure resources. Iframes and scripts are considered to be active content, which is the most dangerous and are more easily compromised by hackers. Even images, videos, and audio-mixed content could be risky, so that is why Google has decided to block them.
Chrome’s Progression of Updates to Block non-secure Resources
In December 2019, Google is rolling out Chrome 79. This new Chrome will allow users to unblock non-secure content that Google currently blocks. This will give users the power to utilize non-secure content if they would like to. It will be available on a per site basis. Though they are creating ways to unblock non-secure content, Google wants to deter people from unblocking it.
In mid January 2020, Google will introduce Chrome 80 to Chrome users. The changes in Chrome 80 will be that non-secure content will be auto-upgraded to secure sources. If the resource does not exist or load in a secure format, Google will block the resource from loading.
With this change, even if the site has the certificate required to be secure (HTTPS://), but you have an non-secure resource, such as an non-secure video, the page will be marked as non-secure. This will affect the page and site’s ranking. Since users refrain from using non-secure sites, it will also affect the user experience Chrome 80 will still allow users to choose to view non-secure resources, but the default will be to block them.
In March 2020, Chrome 81 will be released to Chrome users. This wraps up the changes and push to get all sites to be fully secure. This update will have the browser attempt to auto-upgrade images to HTTPS, and if they don’t load, they will also be blocked. Images are the last of the mixed content resources that Chrome has not blocked.
Other Browsers Already Block Mixed Content
Chrome isn’t the only browser that blocks non-secure content. Firefox blocks non-secure scripts and iframes and it requires you to disable protection to re-enable it. With Safari 9.0.1 in 2017, they fully blocked non-secure resources such as iframes. Safari does not allow users to re-enable it. This is more strict than Chrome at the moment. It seems that Google/Chrome gave sites a little more time to become fully secure; however, these latest Chrome updates will be the final push for sites to fix all non-secure resources.
Is My Site Ready for Chrome’s Security Updates?
Overall, these new Chrome updates are to tie up some of the loose ends that happened when sites got their certifications to become secure. While being on their platform, Google wants users to have a good experience and feel safe. By making sure all resources loading on pages are secure, there are less possibilities of user information being compromised.
Even though it seems cumbersome, it is worth upgrading all resources and links on your site to be secure. If you do not make those changes, your site will lose images, videos and code scripts that affect styling. To detect mixed content, there are crawler tools that find non-secure/mixed content to see where your security holes are. By changing those now, you will not have to worry about your site’s images, videos and resources not loading with these upcoming updates.
Contact Ecreativeworks today to make sure you are ready for Chrome’s security updates over the next few months.