The release date for the launch of Chrome 68 is around the corner and set for July 2018, is your website “HTTPS Everywhere” ready?
Over the past couple of years and more aggressively in previous months, Google has been strongly advocating the move towards securing the web and ensuring that all sites adopt HTTPS encryption. Beginning July 2018 with the release of Chrome 68, Google will start displaying “not secure indicators” for all sites that are HTTP in an effort to further warn users when visiting an unencrypted site. Your website needs to be fully migrated to HTTPS across all webpages to ensure no error messages are displayed and visitors can continue to browse in a trusted space.
Another plus with this move is that HTTPS promises to “unlock both performance improvements and powerful new features that are too sensitive for HTTP,” according to a recent Chromium blog post.
An example of error messages to be displayed in HTTP sites, once Chrome 68 has been released
Unfortunately fully migrating your site to HTTPS Everywhere is not as simply as encrypting your sites home and transactional pages. Marketers who generally rely on third party applications for content delivery, need to be aware of the Chrome 68 release, which means paying careful attention to:
Secure content that is served up in an unsecure environment is vulnerable to an attack. Even though your website might be encrypted, content that is distributed through your website via a third party might not be. For this reason, websites need to update all external links to avoid the “Not Secure” indicator. Here are some examples of marketing-related items that need to be audited for SSL/TLS security:
- IFrames – Both HTML documents and the content embedded within them from another source need to be encrypted. Check your advertisements and images.
- Backlinks – If you rely on backlinks to support SEO strategy, ensure that all backlinks are sourced from HTTPS URLs.
- Social Media – Crosslinks with social media outlets need to be encrypted on your end and theirs.
- Website Tools -- Used for email marketing, marketing automation, landing page generators, etc. all need to be encrypted.
- Transactional Emails – Email communications also need to be secured. Test your communication processes for secure welcome messages, invoices, forgotten passwords, etc.
- Cross-links – Can be sourced from company web pages or from a third-party. Encryption needs to be in place regardless of source, some examples include:
- Listings in Authoritative Directories
- Marketing Assets: PDFs, images, etc
This list is in no way exhaustive. Your website likely has other items that lie either inside or outside of marketing related activity that also need to be addressed.
Content Delivery Network (CDN)
Make sure your CDN supports SSL. Contact your CDN provider to find out whether they can enable SSL setup on your CDN subdomain.
Update the default settings in Google Analytics and Google Search Console to HTTPS
Let LAWtrust help you with your HTTPS migration plan, contact us if you have any questions:
Contact +27 (12) 676 9240