Google has recently announced that beginning in December 2019, mixed content will be blocked on HTTPS web pages. This update is designed to provide a more secure browsing experience across the web.
We wanted to give our community a heads up about this coming HTTPS change as well as information about what it means and how they can make sure their content continues to remain optimized.
Why is HTTPS important?
Following Google’s recommendation that sites transition to the HTTPS protocol, we have recommended that our community make this important transition as well. To learn more about HTTPS, please read our post here.
Operating a site through HTTPS provides your visitors with an additional layer of security as they engage on your page. Google appreciates this level of security for users, which in turn makes it a positive factor when the algorithm ranks websites.
Google reports that since the push for HTTPS websites began, web domains in general have made good progress in the transition, with 90 percent of the websites browsed by chrome users being HTTPS domains.
Making the transition from HTTP to HTTPS should be done carefully and with close monitoring on the BrightEdge platform.
What is mixed content?
Mixed content refers to websites that have a secured URL, but contain unsecured elements within the page. Specifically, they have subresources that load through HTTP. This can be scripts, images, or even linked content.
These subresources can undermine the security of the page. Many websites that have an HTTPS domain have the problem of mixed content on their site. These subresources, since they are still HTTP, do not load securely on the HTTPS websites.
Some types of mixed content already are blocked by browsers, but others open paths for malicious users to tamper with the security of site visitors.
As Google explains, “Browsers block many types of mixed content by default, like scripts and iframes, but images, audio, and video are still allowed to load, which threatens users’ privacy and security. For example, an attacker could tamper with a mixed image of a stock chart to mislead investors, or inject a tracking cookie into a mixed resource lead.”
What does this HTTPS change mean for websites?
For this HTTPS change, Google will be blocking mixed content slowly, which gives site owners the time they need to properly respond and ensure that their material is ready for the upcoming changes.
Chrome does not plan to begin to block all mixed content at once. Instead, it will be done gradually, with the change rolling out in stages.
Here is the timeline Google says they will be following:
December 2019: Chrome will have a new setting that allows users to unblock mixed content in particular circumstances. Specifically, this new setting can be used on mixed scripts and iframes.
January 2020: One month later, Chrome will automatically upgrade mixed audio and video files. If a file does not load over HTTPS, then, the resource will be blocked by default. Users, however, will be able to unblock a desired resource, as they could in December 2019, through their settings.
During this same upgrade, mixed images will load on browsers, but users will receive an alert that the site is “not secure” via a chip in the omnibox.
Since users can elect to retrieve the blocked content, they will have access to the material if they strongly desire it. In most cases, however, the mere fact that Chrome blocks the material will mean that your users would not see it. People, generally, do not want to risk the dangers that can come through compromised material and thus they often listen to the browser’s recommendations to ignore content that may pose a security threat.
February 2020: Chrome’s third update will then automatically transition images to HTTPS as well, once again blocking them by default if they do not load properly over HTTPS. By blocking all mixed content automatically, users will receive a more seamless and visual appealing experience, while also experiencing greater security on the web.
Keep in mind that these changes are specifically for those using the Chrome Browser. They will not impact users on other browsers. However, since Chrome is the most popular browser and accounts for just under 59 percent of the traffic, making sure your site has been properly set up for this browser will serve your content best.
Our recommendations for HTTPS to our community
In light of these impending changes for mixed content, we recommend that users take the time to carefully go through their pages and check for any content that might be blocked under the new rules. Thankfully, Google has given the internet community two months to prepare their content before the changes start taking effect.
Brands can scan their websites through WordPress to check for mixed content. This will allow you to highlight any material that might be jeopardized under the new procedures and ensure that your site is fully secure for users before the end of the year.
As December, January, and February roll around, keep a close eye on your pages through the BrightEdge platform. Watch for any indications that your content sees a drop in traffic, which could indicate that certain material is blocked on your site and thus resulting in reduced traffic.
Google continues to work towards creating a better web experience for users, thus this HTTPS change, and this includes creating a more secure browsing experience. This change is just the latest adjustment they have made in their effort to boost safety of users online. Dedicate a few hours each month over the next two months to scanning your site for mixed content and correcting any unsecured resources so that your users continue to have a pleasant experience on your website.