Sunday, January 15, 2017

Chrome 56 release and move your site to HTTPS


Google Chrome 56 release is coming nearby and it will flag any HTTP website that collect passwords and other sensitive information as "Not Secure". Historically, Chrome has not explicitly tagged HTTP connections as non-secure. Chrome currently indicates HTTP connections with a neutral indicator.


To test the upcoming user experience before the time, you can install the latest Google Chrome Canary.

To configure chrome to show the warning as it will show in Chrome 56, open chrome://flags/#mark-non-secure-as and set the Mark non-secure origins as non-secure option to Display a verbose state when password or credit card fields are detected on an HTTP page.

Move your site to HTTPS


To enable HTTPS on your website, you need to get a certificate (a type of file) from a certificate authority (CA). Let's Encrypt is a CA. In order to get a certificate for your website's domain from Let's Encrypt, you have to demonstrate control over the domain.

You need to move all of your site content and all of your third party resources including ads to HTTPS in order for your site to work properly. All google source ads are already served over HTTPS.

Google recommend initially moving just a piece of site to test any effects on traffic and search indexing. After that you can move your site all in once or in chunks. Plan for a few weeks to allow for crawling and indexing to pick up changes, plus time to monitor traffic.

Google recommend using rel=canonical and it also recommend separate robots.txt file for HTTP and HTTPS, pointing to separate sitemap files for HTTP and HTTPS. List a specific URL in only one sitemap file.

FAQs:

How to Enable HTTPS on Server: