I know that it has been a couple of months since I last published a blog on Spark Creative’s site. COVID-19 upended my routines across all areas of life, just like it did for the entire world. To help me stay healthy and support my family, I rebalanced my schedule during the height of the pandemic. Of course, this change pushed some things back on my to-do list, like my weekly blogs, indefinitely. I hope that you, your family, and your friends have remained healthy and high-spirited during this time.
Even though the country is reopening, I still find myself hesitant to leave the house and go places. I drive up to Starbucks in the morning to get coffee, so I am averaging about ten miles on my car each day. I went from filling my gas tank every five days to once every six weeks! I feel like we are in the middle of this “mixed bag,” an odd balance between getting back to (a sense of) normalcy and continuing to follow best health practices and coronavirus-related guidelines to prevent another shutdown.
Given this “mixed bag,” I thought that it would be good to publish a third blog post in Spark Creative’s “SEO From Home” series about mixed content on your website. This error is traceable to the formation of the internet. As such, we will start our discussion there.
The Evolution From HTTP to HTTPS
When the internet first was formed, the Hypertext Transfer Protocol (HTTP) allowed for the communication between different online systems, namely a user’s web browser and the server that hosted a website. The internet soon discovered that the HTTP protocol did not transfer data securely. This realization posed issues for websites, especially those that collected user information through password-protected accounts.
Servers store passwords and user account information for websites in databases, just as they host the same site’s content. When I go to a website and log into my account, my web browser sends the credentials I enter to a web server, and if they match the information stored in the database, the login is successful. This transfer of information highlights HTTP’s biggest flaw. If I were to log into an HTTP website, my username and password would be visible to anyone—notably malicious actors—who could then hack my account! The same goes for other personally identifiable information like credit card numbers, dates of birth, and social security numbers.
The lack of protection for this sensitive information ushered in the creation of HTTPS, backed by what is known as an SSL certificate. HTTPS websites also have an additional layer of security called Transport Layer Security (TLS). These crucial security improvements made HTTPS incredibly more secure than HTTP. With HTTPS, instead of a password or credit card number being visible during its transfer to-and-from a computer to a server, all of this information is encrypted, undiscernible to any malicious actor.
Google Likes HTTPS Sites
Businesses had an incentive to secure their websites with an SSL certificate to evolve from HTTP to HTTPS. While members of the general public may not have fully understood the intricacies of cybersecurity, Google sure did. In fact, in 2014, Google announced that HTTPS secured websites would receive a ranking boost on SERPs. For businesses concerned about their positions when users searched on Google, securing their websites became a must-do.
Six years later, we as users do not think much of the HTTP-HTTPS difference since most sites are secured. Modern browsers like Google Chrome make it nearly impossible to access unsecured websites. I use Chrome, and in many cases, it will 100% block access to a site that does not have an SSL certificate.
So, What Is Mixed Content?
When I conduct website and SEO audits on clients’ websites, one of the most common errors I find is mixed content on pages. Mixed content occurs when a website has a valid SSL certificate, hence being HTTPS, but loads online content (e.g. links and images) that is HTTP. In other words, a secure website displays unsecured content.
While a user will likely not know that there is HTTP content on pages, both web browsers and Google do! Having mixed content leads to error messages appearing in the menu bar, alerting the user that your site is “not fully secure,” which can make him or her hesitant to enter personal information.
Moreover, Google gives a ranking boost to fully secured websites. This boost does not apply to sites that have an SSL certificate but load HTTP content.
Fortunately, mixed content is easy to rectify. In many of the mixed content cases I have analyzed in SEO reports, most are external links on webpages or blogs that are HTTP instead of HTTPS. The simplest remedy is to replace the “HTTP” with “HTTPS,” just by adding an -S to the end. Of course, you will want to make sure that the site you are linking to is HTTPS (i.e. test the link first before adding it in).
How Do I Find Mixed Content?
While you can do a find and replace across your site for “http://,” one of the best ways to find mixed content is to use an industry-leading tool: Screaming Frog. This is a free tool that search engine optimization professionals use to improve the health of a website. While the software’s paid version offers some advanced features, for mixed content the free version will suffice.
Screaming Frog works by crawling your website, just like Google’s crawlers do, and analyzing everything—from links to title tags to meta descriptions to images. It is an amazing tool that can help you locate errors on your site that are otherwise hidden. So, pause reading this and download Screaming Frog so we can find all of the mixed content on your website!
After downloading Screaming Frog, launch the app and enter your website’s fully qualified URL into the address bar. This means that you should not just put your domain name but instead your full URL. For example, instead of sparkcreativecle.com, I will put https://www.sparkcreativecle.com. The easiest way to do this is just to copy and paste the URL from your web browser’s address bar. Once you enter the URL into Screaming Frog, go ahead and click start.
Using Screaming Frog to Find Mixed Content
In the bottom right corner, you can track the progress of Screaming Frog crawling your site. Once it’s finished, displaying “100%,” we can continue our quest to remove mixed content. On the right-hand side of the platform, you will see a long navigation chart. If you scroll down to the section labeled “Protocol” there are three options: “All,” “HTTP,” and “HTTPS.” Since my site is HTTPS, I want there to be zero URLs in the HTTP row, meaning that there is no mixed content on my site. Good news: I do not have any!
For this blog, I am going to go over the process to follow using the results in the HTTPS row. The process is the same for the HTTP section. First, if you click the HTTP row, a list of all the HTTP links will appear on the upper-left side of the screen. These are all of the instances of mixed content on your HTTPS site! While seeing all of the links helps, we need to know where these links are so we can replace them.
This is super easy to do! If you click one of the URLs, a detail pane appears at the bottom-left of the screen. It begins on the “URL Details” tab. Go ahead and click “Inlinks.” The “From” column tells you the page the link appears on, and if you scroll to the right, “Anchor Text” tells you the exact phrase the link is attached to!
Now you have the final pieces of this mixed content puzzle. You can navigate to that page and find that line of text in your copy. Swap out the link and repeat the process for each URL in the HTTP list. You can do the same for the “Outlinks” tab as well. Depending on how many instances of mixed content you have, this can be very time-consuming. However, devoting some time each day to removing old HTTP links can make your site more secure and safer in the eyes of Google. It also reaps continued benefits for SEO.