Supporting a secure web

Over the past couple of years, Google have been advocating adoption of a more secure web by encouraging all websites to use https.

Google have been helping users understand that http sites are not secure by gradually making the warning on sites not served over https more prominent in their Chrome browser.

You may have noticed when surfing the web that Google Chrome reports sites not served over https as not secure. Here is how it looks from Chrome 56 onwards.

[Image: Example HTTP]

From July, when Chrome 68 is released, this will be made more explicit. A "Not secure" tag will be displayed next to the web site address.

[Image: Treatment of HTTP pages]

This will be made even more prominent in future releases of Chrome. Although it's not finalised yet, Google have suggested that this is the next level of alert:


[Image: Not secure example]

We've been on the https train for a few years now. New features in the last two years have included adding a configuration for forcing sites to use https, adding the HSTS header to https-only sites and supporting https in Galaxies sites. All websites designed and built by Jadu Creative (Jadu's digital design agency) are served over https. It's no longer an option, just the default. 

Serving a site over https isn't particularly difficult but there are a few steps involved. Here's what we do:

1. Install a certificate
2. Configure Jadu CMS to be 'https only'. This does a few things:
   a) Outputs default links as https
   b) Adds a redirect from http to https
   c) Adds an HSTS header (this tells the browser to always make https requests to the site)
3. Change any references in templates from http to https
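
Once those steps are done, the result can be checked from the outside. The script below is an added example, not Jadu CMS code: it audits the redirect, the HSTS header and any leftover http references in a template. The (status, headers) tuples, the function names and the example.org host are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Matches src/href/action attributes that still point at plain http (step 3).
HTTP_REF = re.compile(r'\b(src|href|action)\s*=\s*["\'](http://[^"\']+)', re.I)

def parse_hsts(value):
    """Return max-age in seconds from a Strict-Transport-Security value, or None."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age" and arg.strip('"').isdigit():
            return int(arg.strip('"'))
    return None

def audit(http_resp, https_resp, template_html):
    """Check the 'https only' behaviours (2b, 2c) and leftover http references (3).

    http_resp and https_resp are (status, headers) tuples with lower-case
    header names, as captured from one request to each scheme.
    """
    findings = []
    status, headers = http_resp
    target = urlsplit(headers.get("location", ""))
    if status not in (301, 302, 307, 308) or target.scheme != "https":
        findings.append("http request is not redirected to an https URL")
    max_age = parse_hsts(https_resp[1].get("strict-transport-security", ""))
    if max_age is None:
        findings.append("https response has no usable HSTS max-age")
    elif max_age == 0:
        findings.append("HSTS max-age=0 tells the browser to forget the policy")
    for attr, url in HTTP_REF.findall(template_html):
        findings.append(f"template still references {attr}={url}")
    return findings

# Constructed sample data; example.org is a placeholder host.
GOOD_HTTP = (301, {"location": "https://example.org/"})
GOOD_HTTPS = (200, {"strict-transport-security": "max-age=31536000; includeSubDomains"})
BAD_HTTPS = (200, {})  # HSTS header missing
TEMPLATE = ('<link href="https://example.org/site.css">'
            '<script src="http://example.org/app.js"></script>')

if __name__ == "__main__":
    for finding in audit(GOOD_HTTP, BAD_HTTPS, TEMPLATE):
        print("FAIL:", finding)
```

The HSTS header only counts when it arrives on the https response; browsers ignore it on plain http.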

The vast majority of our sites are now served over https; however, there are still a few that have not been updated in the last few years and are not benefitting from the https-goodness. If you would like more information on serving your site over https, get in touch with Jadu Creative.

By Richard Backhouse, Guest Blogger
