As Google’s plan to move the entire web to HTTPS by default draws near, your website needs to be fully migrated to “HTTPS Everywhere” to avoid displaying a “Not secure” indicator in your address bar. This indicator is designed to help users determine if your website is encrypted.
Set for release in July 2018, Chrome 68 is part of Google’s progressive plan to promote a more secure web for all users by achieving HTTPS Everywhere. Another plus with this move is that HTTPS promises to “unlock both performance improvements and powerful new features that are too sensitive for HTTP,” according to a recent Chromium blog post.
The depth of a full migration to HTTPS Everywhere extends far beneath the surface of simply encrypting a website’s home and transactional pages. Although not limited to marketing activity, this migration is also significant to marketers who generally rely on third-party applications for content delivery. This post focuses on some of the items websites need to address ahead of the Chrome 68 release. Let’s take a look at what this means.
Secure content that is served up in an unsecure environment is vulnerable to an attack. Even though your website might be encrypted, content that is distributed through your website via a third party might not be. For this reason, websites need to update all external links to avoid the “Not Secure” indicator. Here are some examples of marketing-related items that need to be audited for SSL/TLS security:
This list is in no way exhaustive. Your website likely has other items that lie either inside or outside of marketing related activity that also need to be addressed.
Content Delivery Network (CDN)
Make sure your CDN supports SSL. Contact your CDN provider to find out whether they can enable SSL setup on your CDN subdomain.
Next steps for Marketers
The path to achieve HTTPS Everywhere requires action by all website administrators who have not already migrated. For a more comprehensive discussion on migrating your IT ecosystem to HTTPS, please grab your IT administrator and register now for our best practices webinar.
WEBINAR: The Path to HTTPS Everywhere, Chrome 68 - Are You Ready?
HOST: Mark Giannotti, Technical Consultant, Entrust Datacard
DATE: Wednesday, May 30 at 11:00 AM EST