Google claims great strides in the battle to force websites to convert HTTP content to HTTPS, and they’re about to turn up the heat for those that haven’t.
HTTP content refers to web content that isn’t “secure,” meaning it does not have an SSL Certificate. You’ve probably noticed many websites you browse now feature HTTPS before their URLs instead of HTTP. With that change, those sites display a “locked” padlock icon (or something similar) to indicate a secure site.
What’s the big deal? WPBeginner explains it this way:
An insecure HTTP file on a secure HTTPs webpage can still be used by hackers to manipulate users, install malware, and hijack a website.
Google says it’s proud of its track record of pushing website owners to use SSL Certificates.
“Chrome users now spend over 90% of their browsing time on HTTPS on all major platforms,” Google’s Chromium Blog states.
Beginning in December, Google will pursue that remaining 10 percent.
Google Chrome plans three-phase attack
Over the course of three months, Google Chrome will target http content (unsecure) served on https (secure) pages. Google wants to make sure websites only serve secure content on secure pages. In other words, when you see that lock, you should be able to safely assume everything on that site is secure.
In December, Google introduces Chrome 79. It comes with a new setting that will unblock mixed content on specific sites. The setting, according to the blog, will apply to the types of content Chrome now blocks by default. But users will be able to toggle the setting.
In January, Chrome 80 will automatically change any http content it sees to https. If that works, no problem.
If they don’t, Chrome will block that content. For http images on an https site, Chrome will show a “Not Secure” chip in the URL window.
“We anticipate that this is a clearer security UI for users and that it will motivate websites to migrate their images to HTTPS,” the blog states.
In February, Chrome will upconvert http images to https. Images that do not load with https URLs get blocked.
In a nutshell, it means this: by February 2020, your site will either show secure (because everything on it is), it will show “Not Secure” because of mixed content, or sections of your site will not load.
The first option represents a good user experience. The other two won’t be.
How to tell is your site has http content to move
You have more than one option. The simplest option, of course, is to wait until December to see if you start having problems on your site when non-secure content gets blocked.
But website owners probably don’t want to wait.
You could always have this site scan your blog. It will scan up to 400 pages of your blog looking for any http content that should be https content. (I’m happy to announce it found no errors with my site.
I hope it won’t find any with yours.
But at least with this resource, you can get one more assurance that after the first of the year, you won’t have problems that could cost you visitors.
Google may still struggle to reach 100% adoption of https content. But this should definitely help them get close…at least for sites whose owners want to guarantee the best experience possible.