Avoid a Website MIX-up

When a website requires a username, password, credit card information or just about anything that is personal, you would expect that website to collect and forward that information in an encrypted format. After all, this is sensitive information, and in the age of identity theft, we cannot be too careful when sharing private information.  When you do, you expect the website you’re dealing with to be secure. 

https

When using a web browser, a secure connection to the website you’re looking for, is normally indicated by an S that is added to the HTTP in the web address of that website.

The S on the end of the HTTPS indicates to visitors that all sensitive information is secure, and the data passed, whether sensitive or not is:

  1. Encrypted, unreadable, AND the website is authenticated – they are who they say they are.
  2. Not modified, a guarantee of data integrity
  3. More secure and private, as all communication include links that are encrypted
  4. Gives the website a potential higher organic rating in Google.

Sounds good, but not all websites use SSL and some websites that have SSL are still not considered secure if they display mix content. Therefore, your website can be certified SSL however your visitor receives the warning message: “Mixed Content Insecure”.

What is mix content you may ask?

Mix content is caused by HTML downloaded over a secure HTTPS connection.  For example, your webpage may be calling in an image, videos or scripts, linked into a webpage that is not certified, essentially over an insecure HTTP connection.  When both HTTP and HTTPS are displayed on the same page you have mix content.

Doesn’t sound too bad but wait there’s more!  

You may have noticed mix content blocks on certain websites, when you’re using certain browsers.  Starting this year Google Chrome will block this type of content by default.  The reason behind this:  to protect your computer from potential security attacks because of the connection to the unsecured pages. (the video on the HTTP page for example).

Google began policing our browsing in 2017, by displaying a Not Secure, warning on HTTP pages.  This notice warns the web visitor that the private information they were about to enter, such as a credit card number, is not secure:  HTTPS SSL complaint.

With each release of Chrome during 2017 the Warning Message began to include all types of web pages that were uncertified. i.e. entering as a word in a simple search box.

Why is this important for the website owner?  Besides all the reasons mentioned, if Google is policing their website connections, it stands to reason eventually they will only deal with SSL compliant websites on their search engine.

The end game to this?  As of this writing, Google, by the close of 2020. will consider all HTTP webpages insecure.  You will get a warning for each website you visit, regardless of what you’re doing or reading.  It may be blocked without a clear way to unblock mix content and visit that site.

As a website owner, you will want to make sure SSL is installed so everything is secure and your website will be found, regardless of the browser.

Following Chrome other browsers began to take an interest is SSL

There are many more browsers, that in one way or another will eventually pay heed to SSL: i.e. Opera, Safari, Bing, Dogpile and so on.

FAQ

Is SSL required on a website?

It seems that Google is leading this, and (rumored in the future) may only show secure (HTTPS) sites in their search results.

As a website owner, do I need SSL?

Probably.  If you’re a merchant, taking sensitive data over the internet you should be SSL compliant for some time. When Chrome stops displaying mix content, other browsers will follow.

How do I get an SSL certificate?

Contact dwli.net (734-259-5331) for information and assistance

Share on facebook
Share on google
Share on twitter
Share on linkedin