Search form

2493891
Strengthening Your Browser Security

We’re committed in providing the most secure platform for our buyers and sellers. To do so, we’re continuously strengthening our security measures, starting with updating to HTTPS to make listing pages more secure, and to be in line with industry standards.

Topics we'll cover

What's the change?

--Paragraph Start--

As announced in our last Seller Release, due to Google’s protocols, we’ll expand applying the HTTPS communications protocol to transmit all information between your desktop browser or mobile device and our site, and not just for sensitive information.

--Paragraph End--

 

How browser security is changing

--Paragraph Start--
 
Starting in October 2017, Google will be taking stronger measures with pages that have not yet adopted the HTTPS security protocol. Browsers will display a ‘Not Secure’ message or indicator when users enter data on a HTTP page, and on HTTPS pages that contain non-secure HTTP content.
 
Non-compliant before:
 
 
Non-compliant after:
 
 
Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP where the 'S' stands for 'Secure'. It means all communications between your browser and the website are encrypted, which is important to protect your data.
 
Your data may be at risk if your listings contain content on a server which is HTTP. For example, if your cascading style sheets (CSS), images, or HTML5 video in your listings are hosted over HTTP, they may be impacted and labelled as ‘not secure’.
 
 

How eBay is protecting your security

--Paragraph Start--

To coincide with Google's change, eBay listings with HTTP content will feature key snippets of the item description and a button reading "See full item description," putting the complete description just one click away, as shown below. This experience is similar to how buyers already view all listings on mobile, and the mobile experience will not change. Item descriptions that are HTTPS-compliant will continue to display the full description as normal.

From October 2017 to February 2018:

For sellers who don’t make the required changes, non-secure listings will show a disclaimer and be marked as ‘Not Secure’ by browsers.

From March 2018 onwards:

For non-secure listings, buyers will see a snippet of the item description and will also require buyers to click an additional button (one click away) to see the full item description.

In order to avoid any impact on the shopping experience, we recommend you update your hosting solution to HTTPS, or if there are any images in your item description, upload them directly to your listing.

For US sites only, all eBay non-secure listings will be one click away from October 2017.

--Important Content Start--
IMPORTANT

This is only impacting buyers on desktop, the mobile and in-app experience will remain the same.

--Important Content End--
--Paragraph End--

 

 

How do you benefit?


  • Buyers will feel more confident and secure in doing business with you
  • Secure and reliable place to buy and sell
  • Increased privacy for your business
  • Being aligned with industry standards.
--Paragraph End--

 

 

What do you need to do?

--Paragraph Start--

Sellers should update the HTTP content in listing descriptions including self-hosted images in the photo gallery to HTTPS by early October 2017. This includes all externally hosted images submitted via listing APIs and feeds.

We are providing a tool to help check your listing compliance and instructions on how to update your listings.

Check your listings now

--Paragraph End--
--Paragraph Start--

How to secure your listings:

To remove HTTP content and make sure buyers can see your full item description in the listing page, follow these steps:

  1. Use this tool to identify your eBay listings that contain non-secure, HTTP content
  2. If the tool flags non-secure content, determine if the third-party websites you use to host content, commonly called domains, are compliant with the stronger browser security standards (HTTPS). You may be able to find this information on the host domain's website or by contacting the domain. eBay is also working with domains to ensure that as many as possible are prepared for the October updates to strengthen browser security
  3. When you've confirmed that your host domains support HTTPS, find all uses of "HTTP" in your listings and replace them with "HTTPS". eBay's bulk edit tool can help you make this change 200 listings at a time. In the Seller Hub "Listings" tab, select noncompliant listings, click Edit, then Edit fields, and select Item description. In the Item description field, click the drop down to select Edit listings in bulk - find and replace
  4. If a host domain is not compliant with the stronger browser security standards, and you wish for the full item description to be displayed, remove content hosted on that domain from your listing. Once they are HTTPS compliant you can reinstate the content into your listings.
  5. If you use a third-party selling solution, contact your provider for assistance in identifying and updating non-secure content, and making your listings HTTPS compliant.
--Paragraph End--
--Important Content Start--
TIP:

Use our tool designed to help you simply identify listings that are not HTTPS compliant - Check your listings now.

--Important Content End--

 

Common HTTP Content

--Paragraph Start--

Below are some of the most common kinds of content found in sellers’ listings, store templates, and elsewhere that may be using nonsecure, HTTP URLs.

Externally hosted pictures:

  • Listing descriptions: <img src="http://xyz.com.au/..." alt="Sample Text" height="42" width="42">
  • Product variants, in multi-variation listings: <img src="http://xyz.com.au/..." alt="Sample Text" height="42" width="42">
  • The Trading API (and related APIs): <PictureURL> http://xyz.com.au/</PictureURL>
  • The Inventory API: "imageUrls": [ "http://xyz.com.au/" ]
  • The Merchant Integration Platform (MIP): Product feed, Combined feed

Cascading style sheets (CSS):

  • References to CSS resources: <link rel="stylesheet" type="text/css" href="http://xyz.com.au/...">
  • References within CSS:
    - body { background-image: url("http://xyz.com.au/abc.gif”); }
    - .banner { background: url("http://xyz.com.au/banner.png");
    - ul { list-style: square url(http://xyz.com.au/block.png);}

HTML5 video:
 <video width="10" height="10" controls>
      <source src="http://xyz.com..au/" type="video/mp4">
</video>

HTML5 audio:
 <audio controls>
    <source src="http://xyz.com.au/" type="audio/mpeg">
</audio>

 

--Paragraph End--

 

FAQs

 

NEXT

NEXT ARTICLE