A year after Google’s remark on marking all HTTP sites as non-secure, the company is planning to implement the policy in Chrome. The objective behind the proposal was to clearly display to the users that HTTP provides no data security and browser should inform this fact to the users. Google will lead the path by displaying browser warning messages and this will encourage other browsers as well. Google and other popular search engines could also penalize what they see as non-secure sites and drop their search ranking.
Google’s team recently said that “We all need data communication on the web to be secure. When there is no data security, the UA should explicitly display that, so users can make informed decisions about how to interact with an origin”.
According to the Google team, browsers define three basic states of security:
- Secure (valid HTTPS)
- Non-secure (broken HTTPS or HTTP)
- Dubious (valid HTTPS but with mixed passive resources, valid HTTPS with minor TLS errors)
The change is not going to make us secure. But, it is a crucial step in the overall transition to a secure internet. Making this change is a signal to those who are taking deployment decisions.
All That You Need To Know About HTTP?
It is vital to understand the problem with the HTTP protocol. Basically, the main problem is with the data, which is sent over the internet in a plain text format. This means that a malicious party could easily intercept the information to commit fraud and earn profit from it.
What Should You Do On Your Website?
Depending on the procedure used to build your website, you need to carry out several activities to make your website SSL/TLS compliant.
How to Test Your Website for Conformity?
For an initial test, there are available many free testing tools like High Tech Bridge. It is always better to go for test, conducted by a PCI certified partner.
Still it is not clear when Google will introduce the new marking system by default in Chrome. But some of the observers have already taken it as positive sign to proceed and is planning accordingly. As the company begins with marking HTTP as bad, they have also released new tools to help developers deploy HTTP. Google is encouraging vendors to take initiative in implementing such changes.
It is already mentioned that Google can also penalize non-secure sites. So, to help protect search engine position of your webpage, check out the following points and implement those on your webpage.
- Canonical tags should be pointed to HTTPS
- Execute HTTP Strict Transport Security response header
- Hard coded links need to be checked and re-pointed to HTTPS
- Every file on the website need to point to HTTPS
- Update sitemaps to use HTTPS and resubmit to Google and Bing Webmaster Tools
- Set 301 redirect from HTTP to HTTPS
Implementing TLS is an absolute must for every web master or web property owner. It is better to take actions now before your online performance suffers due to security fears.
VGlobal offers reliable and efficient Digital Marketing Services. For any assistance, contact us.