How to Safeguard Your Site
from Chrome's New
Security Updates
22nd January 2020
Patrick Hathaway
@HathawayP
What this presentation covers
1. What is changing in Chrome and why.
2. Mixed content - what does it mean?
3. Insecure TLS - what does it mean?
4. How to audit security issues.
Google care about security
1. In 2011 they adopted HTTPS.
2. In 2014 HTTPS became a ranking
factor in search.
3. In 2018 Chrome began marking
HTTP sites as ‘not secure’.
4. In 2020… plenty more to come.
Why do they care so
much???
Because Google need
their users (searchers)
to TRUST them
Why you should also care about security
• Visitors might start seeing warnings
when they arrive at your site.
• Your pages might have missing
elements.
• Worst case scenario is that browsers
might start blocking your content
from displaying at all.
Chrome security updates Q1 2020
1. Chrome will gradually start blocking
mixed content by default.
2. Chrome (and the other major
browsers) will stop supporting
deprecated TLS protocols.
#1 Mixed Content – what is it?
A page is loaded over HTTPS, but some of
the resources on that page load over HTTP.
So there is a mix of HTTPS and HTTP on the
same page, and the issue is picked up at the
individual URL (page) level.
Example – image loaded over HTTP
This page loads over https:// but
contains an image that loads over http://
This could be any page resource URL
• Image
• Video
• Audio
• JavaScript
• CSS
• IFrame
• Etc…
Current mixed content warning
Chrome ‘mixed content timeline’
1. Chrome 80 (February 4th 2020) -
mixed audio and video resources will
be autoupgraded or blocked if they
don’t load over https://.
2. Chrome 81 (March 17th 2020) -
mixed images will be autoupgraded
or blocked if they don’t load over
https://.
What does ‘autoupgrade’ mean?
If Chrome finds a resource URL on http://,
behind the scenes it will simply try to load
the same resource over https:// instead.
The issue arises if the resource is not
accessible over https://, in which case it
simply will not be loaded.
Not loaded = not actually on the page
If product images can’t be loaded over
https:// they will not be displayed.
You’ll still get the padlock
Chrome will show the padlock to say the
page is secure, even if some of the
content is being blocked.
-> You need to audit this stuff
How to audit mixed content
In Sitebulb, navigate to the Security report:
List of URLs with mixed content issues
Click Hint Details to dig into each one:
HTML highlighter picks out http://
Scroll through HTML to find issues:
Or list the insecure resources
Hit the ‘Insecure Resources’ tab for list:
How to fix mixed content issues
You must only use https:// URLs when
loading resources on your page.
For each URL that loads HTTP resources,
update the link references to point to
the HTTPS counterparts. This is much more
important for resource types that Chrome
will not autoupgrade, because those are
blocked rather than upgraded.
If resources are not available on https://
• Include the resource from a different
host, if possible (over HTTPS, obvs).
• Download and host the content on
your site directly, if you are legally
allowed to do so.
• Exclude the resource from your site
altogether (which may mean you
need to find an alternative solution).
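An added example (mine, not Sitebulb's or the deck's code) of the audit and fix steps above: it parses a constructed HTTPS page, flags every http:// subresource, notes whether Chrome 80/81 would try to autoupgrade it or block it, and proposes the fix the slides describe. The page, URLs and the https_available stub are all constructed for illustration.

```python
"""Mixed-content audit for an HTTPS page (added example, not Sitebulb's code):
lists http:// subresources and sorts them into the two outcomes the Chrome 80/81
timeline describes: an autoupgrade attempt (audio/video/images) or a block."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, urlunsplit

# Resource types Chrome 80/81 tries to autoupgrade to https://.
AUTOUPGRADED_TAGS = {"img", "audio", "video", "source"}
# Tag -> attribute carrying the subresource URL. <a href> is navigation,
# not a subresource, so it is deliberately absent.
SUBRESOURCE_ATTRS = {
    "img": "src", "script": "src", "iframe": "src", "audio": "src",
    "video": "src", "source": "src", "link": "href",
}

class MixedContentScanner(HTMLParser):
    """Collects (tag, absolute_url, outcome) for every http:// subresource."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr_name = SUBRESOURCE_ATTRS.get(tag)
        if attr_name is None:
            return
        attrs = dict(attrs)
        if tag == "link":
            # Only <link>s that actually fetch something count (stylesheets, icons).
            rel = (attrs.get("rel") or "").lower().split()
            if not {"stylesheet", "icon"} & set(rel):
                return
        value = attrs.get(attr_name)
        if not value:
            return
        # Resolve relative and scheme-relative URLs against the page URL:
        # "//cdn.example/x.js" inherits https:// and is therefore NOT mixed.
        absolute = urljoin(self.page_url, value.strip())
        if urlsplit(absolute).scheme.lower() != "http":
            return
        outcome = "autoupgrade" if tag in AUTOUPGRADED_TAGS else "blocked"
        self.findings.append((tag, absolute, outcome))

def find_mixed_content(page_url, html):
    """Return [(tag, url, outcome)] for the http:// subresources of an HTTPS page."""
    if urlsplit(page_url).scheme.lower() != "https":
        return []  # mixed content only exists on pages that load over HTTPS
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

def plan_fixes(findings, https_available):
    """Attach the deck's fix to each finding: rewrite to the https:// counterpart
    when https_available(url) says it works, otherwise re-host or drop the
    resource. Blocked (non-autoupgraded) items are listed first."""
    plan = []
    for tag, url, outcome in findings:
        counterpart = urlunsplit(("https",) + tuple(urlsplit(url))[1:])
        if https_available(counterpart):
            action = f"rewrite to {counterpart}"
        else:
            action = "no https:// counterpart: re-host it or drop it"
        plan.append((tag, url, outcome, action))
    plan.sort(key=lambda f: f[2] != "blocked")  # stable: keeps document order
    return plan

# Constructed sample page and availability stub; neither comes from a real site.
# In a real audit https_available would issue an HTTPS request per counterpart.
SAMPLE_PAGE_URL = "https://shop.example/products/42"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://cdn.example/site.css">
<link rel="canonical" href="http://shop.example/products/42">
<script src="http://cdn.example/app.js"></script>
</head><body>
<img src="http://images.example/product-42.jpg">
<img src="//images.example/logo.png">
<iframe src="http://widgets.example/reviews"></iframe>
<a href="http://partner.example/">partner link</a>
</body></html>"""
KNOWN_HTTPS = {"https://cdn.example/site.css", "https://cdn.example/app.js",
               "https://images.example/product-42.jpg"}

if __name__ == "__main__":
    found = find_mixed_content(SAMPLE_PAGE_URL, SAMPLE_HTML)
    for row in plan_fixes(found, KNOWN_HTTPS.__contains__):
        print(*row, sep="\t")
```

The scheme-relative logo and the canonical link are deliberately not flagged: the first inherits https:// from the page, the second is not a fetched subresource.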
#2 TLS – what is it?
TLS is the encryption protocol that makes
HTTPS secure. Any website that uses HTTPS
is employing TLS encryption.
If the TLS configuration is weak, connections
to the site are more vulnerable to attack.
Unlike mixed content, this is a property of
the server, so it exists at the domain/website
level rather than per page.
HTTP is the protocol for data transfer
HTTP request from browser to server
HTTP response from server to browser
HTTPS = (HTTP + an encryption layer)
HTTP – data is not encrypted: Password = sandwich1
HTTPS – data is encrypted, using TLS: Password = $665fdvzs_/$^*rt5
TLS = Transport Layer Security
TLS is the encryption layer that makes
the HTTP data transfer secure.
However, some versions of TLS are very
OLD, and no longer as secure as we
need them to be.
TLS release timeline
• TLS 1.0 – released 1999
• TLS 1.1 – released 2006
• TLS 1.2 – released 2008
• TLS 1.3 – released 2018
RED (TLS 1.0 and TLS 1.1) = DEPRECATED = SECURITY RISK
Chrome ‘TLS timeline’
1. Chrome 79 (out now!) - Chrome will
give sites a "not secure" label if TLS
1.2 is not enabled.
2. Chrome 81 (March 17th 2020) -
Chrome will show a full page
warning if TLS 1.2 is not enabled.
Full page warning = no content
Full page warning -> Implications
• Users will most likely bounce.
• Organic and paid channels will
suffer.
• Googlebot may not be able to access
your content.
Google Search Console (GSC) is already sending warning emails
All the major browsers are united
All dropping TLS 1.0 & 1.1 in March:
• Google
• Microsoft
• Apple
• Mozilla
Auditing TLS -> Sitebulb Security report
OK, but not a perfect example
TLS 1.2 is enabled, so no full page Chrome
warning, BUT the site is still accessible over
TLS 1.0 and TLS 1.1, and therefore not secure:
Particularly important for certain sites
• Ecommerce sites that handle
transaction data (the above site
would not pass PCI compliance)
• Websites that handle sensitive data
(e.g. medical data)
• Websites that store personal data
(e.g. names and addresses)
Perfect example
TLS 1.2 enabled AND TLS 1.1, TLS 1.0 and
SSL all DISABLED. This is what you want.
How to fix TLS issues
In order to ensure your site has no
issues with TLS, you need the following
setup:
• Disable: SSL, TLS 1.0, TLS 1.1.
• TLS 1.2 should be enabled.
• TLS 1.3 can optionally also be
enabled.
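An added example (mine, not Sitebulb's or the deck's code) that checks the setup above against your own server: it pins a client to each TLS version in turn, records which versions the server will negotiate, and then applies the deck's rules (TLS 1.2 required, TLS 1.0/1.1 deprecated, TLS 1.3 optional) to the result. The default host example.com is a placeholder, and the SECLEVEL=0 cipher string is an OpenSSL-specific assumption needed before a modern client will even offer TLS 1.0 or 1.1.

```python
"""TLS version check (added example, not Sitebulb's code). probe_tls_versions()
asks a live server which protocol versions it will negotiate; assess() applies
the deck's rules to that answer, so it also works on results recorded elsewhere."""
import socket
import ssl

# Release order, as on the TLS timeline slide. SSL 2/3 are omitted because a
# modern OpenSSL client cannot offer them; the server config must still disable them.
NAMES = {ssl.TLSVersion.TLSv1: "TLS 1.0", ssl.TLSVersion.TLSv1_1: "TLS 1.1",
         ssl.TLSVersion.TLSv1_2: "TLS 1.2", ssl.TLSVersion.TLSv1_3: "TLS 1.3"}
DEPRECATED = {"TLS 1.0", "TLS 1.1"}   # red on the timeline slide
REQUIRED = "TLS 1.2"                  # without it: Chrome 79 label, Chrome 81 full page warning

def probe_tls_versions(host, port=443, timeout=5.0):
    """Return {"TLS 1.0": True/False/None, ...}: True = server negotiated it,
    False = server refused it, None = this client build cannot even offer it.
    Network failures (connection refused, timeout) propagate to the caller."""
    results = {}
    for version, name in NAMES.items():
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False   # we are testing protocol support, not the certificate
        ctx.verify_mode = ssl.CERT_NONE
        try:
            ctx.minimum_version = version   # pin the handshake to exactly one version
            ctx.maximum_version = version
            if name in DEPRECATED:
                # Assumption: OpenSSL >= 1.1.1 refuses TLS 1.0/1.1 at its default
                # security level, so the client has to lower it to make the offer.
                ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        except (ssl.SSLError, ValueError):
            results[name] = None
            continue
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host):
                    results[name] = True   # handshake completed at the pinned version
        except (ssl.SSLError, ConnectionResetError):
            results[name] = False          # server rejected this version
    return results

def assess(results):
    """Apply the deck's rules to a {version name: True/False/None} dict."""
    enabled = sorted(name for name, ok in results.items() if ok)
    legacy = sorted(set(enabled) & DEPRECATED)
    if REQUIRED not in enabled:
        verdict = "TLS 1.2 not enabled: Chrome 79 'not secure' label, Chrome 81 full page warning"
    elif legacy:
        verdict = "OK but not perfect: TLS 1.2 is enabled but deprecated versions are still accepted"
    else:
        verdict = "Perfect: only TLS 1.2 (and optionally 1.3) is enabled"
    return {
        "enabled": enabled,
        "disable": legacy,                                   # the 'server guy' turns these off
        "enable": [] if REQUIRED in enabled else [REQUIRED],
        "untested": sorted(n for n, ok in results.items() if ok is None),
        "verdict": verdict,
    }

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"   # placeholder host
    for key, value in assess(probe_tls_versions(host)).items():
        print(f"{key:>9}: {value}")
```

Treat an "untested" entry as unknown rather than safe: it means this client could not offer the version, not that the server refuses it.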
This is a job for the ‘server guy’
This is a task for whoever runs your
website server:
• In house developer/SysAdmin
• 3rd party website hosting company
• Ecommerce software provider
Bonus tip
Hit the ‘Printable PDF’ button in the
Sitebulb Security report, to get a PDF
report you can forward on.
Takeaways -> Take security seriously!
If you don’t you could be subject to:
• Users and search engines unable to
access content.
• Users seeing warnings and losing
trust in your site.
• Important content not being
displayed on your web pages.
Takeaways -> Action points
• Regularly audit your website and pay
attention to security warnings.
• Check Google Search Console for
existing messages.
• Make sure you are signed up to GSC
email notifications.
• Start to practice ‘secure as standard.’
Sitebulb free 14 day trial:
-> sitebulb.com/download/
Blog post contains full, up to date
explanation of these issues
-> bit.ly/security-2020
Patrick Hathaway
@HathawayP
