SLU Switches to HTTPS
The Saint Louis University Division of Marketing and Communications works continuously to ensure the SLU website is as informative, responsive and secure as possible. Recent changes by Google have made it imperative that we move from HTTP to HTTPS as a uniform source identifier.
What’s the difference between the two? The “s” in HTTPS stands for “secure.” It has been used for many years by financial institutions and other digital presences that required a secure connection, but is now becoming standard across many websites and is strongly encouraged by Google.
The search engine's preference for HTTPS sites vs. HTTP has for several years played a small role in how highly web pages were ranked in search results, but as of July 2018, visitors who use Google Chrome will see a “not secure” warning on sites not using HTTPS.
Google says, “An HTTPS connection is critical to protecting users and your business from unwanted intruders and suspicious activity. A site using HTTP is susceptible to eavesdropping – which means it’s possible for others to intercept information without being detected.”
It is imperative to follow Google web standards. In FY18 Google search accounted for 51 percent of the traffic to slu.edu, that is equal to nearly 2.4 million web sessions.
Next Steps for Increasing Security
In the following days, the administrators of slu.edu will be taking steps to ensure links on the website are compliant. Content generated through OU Campus, the University's content management system (CMS) will publish only as HTTPS. Additional work will be done in the following months to move toward a more secure slu.edu.
While content hosted directly through the University’s CMS will use secure mode, content hosted on external websites and embedded in a slu.edu page will also need to be updated. This includes, but is not limited to:
- Images
- Videos
- Scripts
- Imports
- iframe tags
If these issues are not addressed, visitors to slu.edu will receive a warning message when visiting the site using a Chrome browser or via Google. Additionally, as Google places a high emphasis on secure content, sites that do not keep up with its standards will fall in search results.
Web site administrators in the Marcom division can identify pages using unsecured content and will provide each CMS user a list of affected content in coming weeks. If the external content or web service is not available as HTTPS, it is recommended that a new resource be found and that links to the unsecured source be phased out.
For questions about this initiative, please contact Mark Rimar, director of web services, at mark.rimar@slu.edu.