Chrome security updates blog post hero image

Chrome security updates

Google Chrome the internet’s most popular browser is doubling down on it’s security settings potentially causing some content to not display, or possibly worse, flash a large “insecure” message across your site.

As we have blogged before Google ideally wants all sites to use the HTTPS secure protocol rather than the older and less secure HTTP one, and now to build on that Chrome will from February start blocking secure sites that are displaying “mixed content”.

OK, sounds scary so let’s dig a little deeper as to what qualifies as “mixed content”. Probably the easiest way is to give an example as it relates to the escort industry (and a pet hate of mine) link banners. If you have been professional and updated your site to HTTPS, and you really should, then if any link banners on the site loading remote images, those hosted on another server, will need to be also be served via HTTPS. If they are not, and some less professional or older directory banners may certainly be not, Google will start either not displaying the banner, or perhaps even show the dreaded “insecure” message likely scaring away any visitor to your site which of course means potential lost business.

Now this does not only apply to banners, any videos, images, etc also linked to a non HTTPS domain can also trigger the above. So what to do? Well if you’re clever or lucky enough to have an efficient and good web designer, this should not be a problem, however giving them a little nudge to check would be a good idea. If you are self managing your site, you need to check all links, banner code and images on your site.

Google is also updating it’s security policies on a more technical area, called TLS. This is the protocol the server uses to send information to the browser, again Google is using security and moving to flagging older TLS versions TLS 1.0 and TLS 1.1 as potentially insecure. While this is not yet critical you should certainly ask your hosting company/web designer about this as many servers still have these still enabled even when the newer and Google approved TLS 1.2 is in use.

OK that’s about it on Google Chrome for this time, please note these issues do not affect other browsers such as Firefox, Opera, Safari, Microsoft Edge etc, however where Google leads other browsers usually follow so it is quite likely this will become standard in the not too distant future.

Or use the contact form below