Chrome Security Hurdle May Affect Your Website’s Usability
Google is set to throw a new wrench into how visitors view your company’s website. Starting in March, Google’s Chrome browser will start blocking “mixed content” on secure websites.
That might sound like confusing jargon, so let’s start with some definitions:
A secure website is one whose address starts with https, rather than just plain http. The “s” means the site is secured by encryption, which deters hackers from intercepting the personal data entered by a visitor to that site. The same protection also allows your browser to verify that it’s really displaying the website you want to view.
A nonsecure website doesn’t have that extra layer of protection. Google often labels these sites as “not secure” and can even block users from easily reaching the site.
Mixed content means any resource – say images, videos or bits of code – that your secure website pulls over a plain http connection, typically from a different, nonsecure website, to display on your pages.
Videos provide an easy example of how this works. While many sites display videos, most of those videos don’t live on the same server with the website. The videos are hosted elsewhere (often on YouTube) and are pulled onto a web page using coding – the video looks like it’s part of the page, but it’s actually part of another website altogether.
For example, this SEO video from Pilot Fish is being pulled from the YouTube site with the following code:
In our example, YouTube is already a secure https website, so videos hosted there don’t count as mixed content. But the principle works the same with the images or code from nonsecure websites that constitute mixed content – that content is pulled from another website to appear as if it’s part of your own website.
This isn’t meant to be deceptive. It’s simply how websites operate. And up until this point, it hasn’t mattered in most browsers whether the additional resources were pulled from an https or plain http website.
But that all changes in March, when Chrome will begin blocking the mixed (i.e. nonsecure) content. In explaining why it’s making this move, Google provides a couple of examples of how mixed content could be attacked by hackers:
- A graph pulled from a nonsecure website onto a secure financial services website could be changed to mislead investors.
- A piece of code could be tampered with to allow third parties to track what the site visitor does elsewhere online.
If you’re part of the 8% of U.S. website visitors using Internet Explorer, Edge or Firefox, this may not seem like a big deal to you personally. But it’s of crucial importance to your company’s website – across the United States, 50% of visitors use Chrome to view websites. Among Pilot Fish’s industrial clients, that average is even higher, around 59%.
When March rolls around, that means over half of your website visitors won’t be able to view your corporate website properly if it contains mixed content.
So. How can you tell if your site contains mixed content? You should contact your web developer quickly to have them review the site for any issues.
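For a first pass before that review, the check can be scripted. The following is an added example, not code from the original post or from Google: it lists every resource tag in a page whose URL starts with http://, and the sample page and its hostnames are constructed for illustration.

```python
from html.parser import HTMLParser

# Tags whose attribute makes the browser fetch a resource into the page.
# <a href> is left out on purpose: a link to an http page is navigation,
# not mixed content. srcset, CSS url() and script-made requests are not covered.
SUBRESOURCE_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",),
    "video": ("src", "poster"), "audio": ("src",), "source": ("src",),
    "embed": ("src",), "object": ("data",),
}
LINK_RELS = {"stylesheet", "icon", "preload"}  # rel values where <link href> loads a resource

# Constructed sample page with hypothetical hosts, not taken from a real site.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://cdn.example.com/site.css">
<script src="https://cdn.example.com/app.js"></script>
</head><body>
<img src="http://images.example.com/chart.png">
<iframe src="https://www.youtube.com/embed/VIDEO_ID"></iframe>
<a href="http://example.com/about">About</a>
<img src="/local/logo.png">
</body></html>"""


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "") for name, value in attrs}
        names = SUBRESOURCE_ATTRS.get(tag, ())
        if tag == "link" and LINK_RELS & set(attrs.get("rel", "").lower().split()):
            names = ("href",)
        for name in names:
            url = attrs[name].strip() if name in attrs else ""
            if url.lower().startswith("http://"):
                self.findings.append((self.getpos()[0], tag, name, url))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings


if __name__ == "__main__":
    for line, tag, attr, url in find_mixed_content(SAMPLE_PAGE):
        print(f"line {line}: <{tag} {attr}> loads {url} over plain http")
```

On the sample page it flags the stylesheet and the chart image, and leaves the https script, the https YouTube embed, the ordinary link and the local image alone.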
If Pilot Fish hosts your secure corporate website, you’re already in good shape. We’ve double-checked our hosting clients’ https websites and found no mixed content.
Looking for a web developer who always has your back? Contact Pilot Fish today for the peace of mind you need.
50% of U.S. browser traffic comes from Chrome, which means many site visitors may not be able to view your site properly starting in March.