An announcement from Google stating that their Chrome web browser will start blocking websites that have “mixed content” from December this year (2019) as a result website developers, designers companies have been warned that they need to check their websites to make sure they are not at risk of their websites fallin ill of this new enhancement to the chrome browser.
We are all used to seeing the little padlock or similar icon displayed on our browser address bar when visiting websites, this indicates that the communication is encrypted between your PC or phone and the web server…. This icon appears to indicate that your using the HTTPS protocol as opposed to the older unsecure HTTP protocol and that an SSL certificate is in use that manages the encryption.
However on many websites that have not been coded or set up correctly some of the files used to display items on a webpage may still being loaded using the older HTTP protocol, this could include images, script or styling files.
When a page is loaded using the HTTPS protocol but includes assets loaded over HTTP the site is said to be receiveing mixed content which can result in security vulnerabilities for your customers when visitng your website.
At the moment Chrome will load web pages with mixed content. However come December 2019 (Chrome v79), Chrome will introduce 2 additional steps to try and keep the user safe when visiting mixed content web pages.
- Firstly if there is a file being delivered insecurly chrome will attempt to load it securly, if this works great the website will continue to function as normal.
- Should an insecure resource still not load securly a new toggle wiill appear with in Chrome that will allow a user to decide wether ot not to allow Chrome to open the inecure URLs with the option to allow users to leave the website.
This is the first phase, the idea is to give publishers time once the change has come in to effect to identify issues on their website, the problem is that your customers may experience issues and not visit your website.
The second phase of this change due January 2020 Chrome will remove the unblocki option and begin blocking mixed content web pages completely.
Unless your a developer or techy it is unlikely you will have any idea as to wether your website is delivering mixed content.
Many browsers have built in developer tools normally accessed by pressing f12 that includes a console that will display issues relaing to mixed content however you would need to visit all the pages on your website to know that they will all successfully load.
One useful resource is https://www.jitbit.com/sslcheck/, this is a free online tool that allows you to scan your entire website to see if there are any SSL or mixed content issues.
Resolving any issues may be a simple case of updating the content on a page to link to an image using a secure URL hwoever scripts, style sheets and other assets not editable via a CMS may require a developer to go in and make changes to the code to ensure this is no longer an issue.
We have years of experience not just creating but supporting and maintining websites, changes like this are not uncommon and over time website have had to become more secure.
We can asssess and make fixes to your website to ensure it will not be effected by the up comming changes.
Why not contact us to find out more.