Time: 2024-05-20 06:13:59 Source: compiled from the web Editor: Ryan New
Google Chrome just announced important changes that could impact ecommerce sites.
The changes address “mixed content” on a web page. Beyond text, a typical web page includes images, audio files, and videos. Those additional non-text resources frequently load as HTTP requests, not HTTPS. The dual requests are mixed content. HTTP requests pose a security risk, which Google is aiming to correct in the upcoming changes.
Chrome 77 is the current, stable version. The changes will occur over three months, as follows.
In this post, I’ll review steps to ensure the changes do not affect your ecommerce sales come January.
Any site, ecommerce or otherwise, should load as HTTPS. I’ve explained the steps to do this at “How to Migrate an Ecommerce Site to HTTPS.”
Mixed content poses privacy and security issues for end users because it can leak information to a potential attacker. Most browsers automatically block code-executing resources such as scripts and iframes. But images, audio, and videos remain unblocked. This will change starting in January.
The Chromium Blog addressed the issue in an Oct. 3 post.
Browsers block many types of mixed content by default, like scripts and iframes, but images, audio, and video are still allowed to load, which threatens users’ privacy and security. For example, an attacker could tamper with a mixed image of a stock chart to mislead investors or inject a tracking cookie into a mixed resource load. Loading mixed content also leads to a confusing browser security UX, where the page is presented as neither secure nor insecure but somewhere in between.
You can easily spot check if your site has mixed content. Browse your pages and look for the lock icon in the address bar. It changes to an information icon (“i”) when there is mixed content.
You can obtain a list of the mixed content resources by typing “mixed-content:” in the search box under the Network tab of Chrome Developer Tools.
Checking each page manually is not feasible for most ecommerce sites. Screaming Frog, DeepCrawl, and similar crawlers can do it for you.
To detect mixed content in Screaming Frog, crawl your site and then go to Reports > Insecure Content. This will list the resources that load insecurely.
Screaming Frog and other crawlers can only check pages that are linked from your site. They won’t add items to your cart or follow the checkout funnel. For that, follow the checkout funnel manually, observing the lock or information icon in the address bar.
You have a few options to fix mixed content. If your site doesn’t load images, audio, and videos from third-party sites, you can simply make all resource URLs relative. For example, use /image/productA.png instead of http://www.sitestore.com/image/productA.png. Relative URLs will always resolve correctly.
If you host these resources in third-party sites without HTTPS being enabled, consider making copies, loading them from your site, and updating the links accordingly.
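The check and the two fixes above, combined in an added example that is not from the original article: a Python scanner for saved HTML (for instance cart and checkout pages a crawler cannot reach) that lists http:// subresources, notes whether browsers already block that resource type, and suggests the relative-URL or self-hosting fix. The sample page and the hosts cdn.example.net and media.example.org are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Resource types the article names: scripts and iframes are already blocked
# when loaded insecurely; images, audio and video still load.
BLOCKED = {"script", "iframe"}
ALLOWED = {"img", "audio", "video", "source"}

class MixedContentScanner(HTMLParser):
    """Collect http:// subresources from one HTML page served over HTTPS."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (tag, url, browser_status, suggested_fix)

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get("src") if tag in BLOCKED | ALLOWED else None
        if not url:
            return
        parts = urlsplit(url.strip())
        if parts.scheme.lower() != "http":
            return  # https://, relative and protocol-relative URLs are fine
        status = "already blocked" if tag in BLOCKED else "still loads"
        if (parts.hostname or "") == self.site_host:
            fix = "make relative: " + (parts.path or "/")
            if parts.query:
                fix += "?" + parts.query
        else:
            fix = "third party: use its HTTPS URL or host a copy"
        self.findings.append((tag, url, status, fix))

def scan(html, site_host):
    scanner = MixedContentScanner(site_host)
    scanner.feed(html)
    return scanner.findings

# Constructed sample: a checkout page saved from the browser.
SAMPLE = """<html><body>
<img src="http://www.sitestore.com/image/productA.png">
<img src="/image/productB.png">
<script src="http://cdn.example.net/cart.js"></script>
<video src="http://media.example.org/demo.mp4"></video>
<img src="https://www.sitestore.com/image/logo.png">
</body></html>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE, "www.sitestore.com"):
        print(*finding, sep=" | ")
```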
Another option is to set up your web server to use a content security policy, which tells a web browser what is permitted and what isn’t.
There are many potential directives in a CSP. In this scenario, we are interested in “upgrade-insecure-requests.” When the web server sends this directive in an HTTP response header, the browser forces all resources to load using HTTPS, as in:
Content-Security-Policy: upgrade-insecure-requests
However, many old browsers, such as Internet Explorer, do not support the feature. (Mozilla published a list of compatible browsers.)
The last option is to fix the links at their source manually. This requires (a lot) more work, but it avoids browser compatibility problems.
February 8, 2021