Skip to main content
Back to blog

SEO Guide Step 7: Obulamu — Ekifaananyi Google Ekyetaagisa mu 2026

·9 min read·by LANGR SEO

SEO Guide Step 7: Obulamu

Ekisumuluzo kino kiri mu 13-Step SEO Guide. Obulamu si kusiima abayizi nyo — kikola ku kitiibwa kyo ku nseko. Google yakozesa HTTPS ng'ekikozesebwa mu kutulaganya okuva mu 2014, era ebiteeso byongedde okunaddirira.


Abaziyizi abasinga bategeera obulamu ng’ekintu ekiri ku mwanya gumu: "Tulina SSL, tuli mu bulamu." Mu nkyukakyuka, Google ekola ku nsonga z'abulamu eziriko amapeeka. Ebisale nga bisanga amasinzi g'ekikozesebwa ky'amasimu, amawandiiko ag'ekikozesebwa, n'okusaba ennyo, birina okufuna ebisanyizo ebitalina SSL ekya bulijjo — bw'ogudde nga ebyo binaamateeke.

Ebikyusa: Ebbulamu erimu eddako lyayo mu kutabaanyisa. Omaliriza okukola obulamu ku busobozi bumu, era zijja kukusongereza mu byokuyita.

SSL Configuration

SSL (technically TLS) ekola ku müqera ogusobola okusalinamu n'abalaba. Mu kkumi eza 2014, Google ekirangika wikiri HTTPS nga ekikozesebwa mu kutabaniya. Mu 2026, okusalira SSL kukyadduka si wo kyokka beeyita mu kukyusa, waholayo HTTP y'ekitiibwa ogubaddewo obuyinika ku basinzira.

Ebyetaago eby'ekika ky'SSL:

| Ebyetaago | Kiki | Otwolako Okwetegereza | |-----------|------|----------------------| | Okwandikira kwalina okufunirwa | Buwaka = ampeera ya bharowa = abaziyizi bafa | Tuwandiike ow'ekyokulabira | | Zaana ezireeta | Ebize mupya - zifuuka ku mateeka g'te kinuzi | SSL Labs test | | TLS 1.2+ | Enkugga ezidala ziri mu mbeera | SSL Labs test | | Tewezisa SHA-1 | Zikugula, ampeera ziteeka | Wandiika ku byawandiikidwa | | SAN ekirina ekizikuba | www ne non-www byetaagisa okubiddwa | Wandiika ku byawandiikidwa | | Okwesigamizibwa mu kutandikibwa | Kivve eddako okuyingiza | Let's Encrypt / omuteekemuko |

Ebyateekeddwa ku SSL:

100% = Okwandikiddwa + Zaana ezireeta + TLS 1.3 + Cipher eyekika + Okwesigamizibwa mu kutandikibwa
  0% = Okwandikiddwa okasokose ettemu

Ebyokulabirako mu SSL:

  1. Okwandikiddwa okatandika okumala — Teekwa mu nkyukakyuka (Ekisumuluzo 6) okung'abakisaa nga 30 days mberi
  2. Zaana zikezika — Server tezika balina obulungi bwokulwanagana, saako omuwandiiko
  3. Obusanduuko obuziba — HTTPS pumikiriza HTTP ebikola (ebikakali, ebikatikale, obukodyo)
  4. Obutalina muzizukiriza — HTTP → HTTPS → HTTP obusanduka obukozesebwa
  5. Obulamu bwa hwekuya — Okwandikiddwa eya kimu naye obulamwi teyawanga

Ozzi: Kola nkola ennyungira - genda ku SSL Labs (ssllabs.com/ssltest). Buli mubasa omukisa oguli mu "A" tangali munfufunya. Ekitabi e mikutu egimeka ku nsingo zino okufuna okukozi.

Obulamu bw'amasimu

Obulamu bw'amasimu buva mu HTTP ekitondera ekitanukiramu ky'ekizikuba ku nkolagana ey'okukola mu Basi. Bujja kennyambala ebikozesebwa byobulamu — era Google eyagaba mu kukola.

Ebigyenda mu masimu:

Content-Security-Policy (CSP)

CSP ye kye kimu ekikaa ky'amasimu. Kiki kye kizuukidya mu nkolagana ya (ebikata, obukodyo, ebifaananyi) bw'obweka obwetegere.

Content-Security-Policy: default-src 'self'; script-src 'self' https://cdn.example.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.example.com; frame-ancestors 'none';

Kiki CPI ky'ekyusiza:

  • Obukage okuzungula (XSS)
  • Ebiseera ebikengera
  • Clickjacking (nga frame-ancestors)
  • Okukola okwefuna ku bupya (cryptominers, abakozi b'amasimu)

CSP eyo ennyingi:

  1. Tandika ne Content-Security-Policy-Report-Only (okwereza ku buleso nga tewefuna)
  2. Tuwezesa ow'ekiri ku mpandi
  3. Wandiike ku nsonga ezisembayo
  4. Njaga ku murundi ogwenkanzi
  5. Wandiike ku report-uri oba report-to ku kudda k'ekirina

X-Frame-Options

Ekitandiko ky'obalemu ku maawega mu olo ovo mu byekikozesebwa (okwegatta ku clickjacking).

X-Frame-Options: DENY

Oba bw'oleeta kuwoza kubanga basoluzi nga baari mu:

X-Frame-Options: SAMEORIGIN

X-Content-Type-Options

Ekitandiko ky'obalemu ku crumbs seka y'obasimu (okuzitema maanyi mu mberera z'obuyinika).

X-Content-Type-Options: nosniff

Ekizikuba kino kisalirako eby'ekusooka bw'ombaliramu obulungi bdando bisakiriza browser.

Referrer-Policy

Ekola ku kayinda baasa ababeera ng'aluukirira abataze otuwandiika blaa.

Referrer-Policy: strict-origin-when-cross-origin

Ekitandiko kya kimu ku nsonga eyangukiriza ebinjaa ebyemizannyo.

Permissions-Policy

Ekola ku maanyi g'amasimu (kamera, microphone, g'e’olakuruga, etc.) okukozesebwa mu w’engnizo.

Permissions-Policy: camera=(), microphone=(), geolocation=(), payment=()

Okutweeza amanyi g'ekikozesebwa, kyekuzita kkoloni ezirembako zaana z'obuwangugazi.

Okwesigatuza ku kye gikuze (Next.js):

// next.config.js
module.exports = {
  async headers() {
    return [{
      source: '/(.*)',
      headers: [
        { key: 'X-Content-Type-Options', value: 'nosniff' },
        { key: 'X-Frame-Options', value: 'SAMEORIGIN' },
        { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
        { key: 'Permissions-Policy', value: 'camera=(), microphone=(), geolocation=()' },
        { key: 'Strict-Transport-Security', value: 'max-age=31536000; includeSubDomains; preload' },
      ]
    }]
  }
}

Okwesigatuza (Apache .htaccess):

Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

Okwesigatuza (Nginx):

add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

Ozzi: Wongela amagezi gonna 5 mu nsingo y'akolisiza. Kino kyekkoligana kumanyi n'okukola ebikozesebwa mukan masses.

HSTS Preload

HTTP Strict Transport Security (HSTS) oliva abasa mu HTTPS ku faidi y'oluzi — ng'oyiviramu eddako ly'ekalata. Wangi mu HSTS, okuzikiza abasa bay otingira ku HTTP (okwagala okukalanako) ssaako eddako nga balina HTTPS.

HSTS ekitandiko:

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Ebikutuza:

| Ekikutuza | Kiki | |-----------|------| | max-age=31536000 | Tandika ebigenda mu mwaka 1 (mu s) | | includeSubDomains | Kubeera mu subdomains nobuzibegye | | preload | Osaba okukubakansako mu mmasomo g'obugumu |

HSTS preload list:

Olukuba lwa HSTS ogutatu. Abayizi basanga abalina list egahando agabaaga ng’ekikozesebwa wa HTTPS. Osaba kugwala abasa ku hstspreload.org kiva:

  • Abayambalira ba okusaba bazisa HTTPS bw'egana (to feel HTTP buvuya)
  • Tewetteka noobw’omu mu kwika
  • Ebono (etodo teziwuza)

Ebyetaago ku HSTS preload:

  1. Ekitakadde HTTPS kungenda
  2. Zakoza HTTP ataba HTTPS
  3. HSTS ekitandiko nga max-age >= 31536000
  4. HSTS ekitandiko kirimu includeSubDomains
  5. HSTS ekitandiko kirimu preload
  6. Subdomains zonna ziteekeddwa HTTPS

Obutakakasa: Osaze ku gattu obutaleeta HSTS preload bw'ekirina HTTPS okuziko. Okweteekako includeSubDomains tulina kyangu etema wabula HTTP subdomain ekuteekeddwa.

Ozzi: Obutakiro Hz mu subdomains zonna, weka wa 'HSTS' ekitandiko ky'ekiketeuka ne ogezesa hstspreload.org. Kisa akakola akongera osaba kiteekwa kugeza.

Okwekenneenya Bizingabiri

Okwekenneenya okw'abalamu ku bizinga ebisinga okwekenne kuita embeera esimaka kwendaabwe mu nkukozesa.

Okwekenneenya ebizibu bikenndemo:

  • Siri ku bwakate: WordPress, plugins, JavaScript libraries z'amaanyi akindumu
  • Ebigambo ekikangabana: .env, .git, wp-config.php, database dumps
  • Okwengyazibwa: Server version headers, debug mode, stack traces
  • Ebyakasi: Admin pages okufuna
  • Banzimbye/oba Ebyangabi: Ebiyinza na kusiima ku biseera
  • Okwetta: Ebyemiziyogo, nsonyi za tinta

Okwekenneeya ezivanio ku mpakasa:

| Platform | Obuzibu Obuwekubirako | Okukyusa | |----------|-----------------------|----------| | WordPress | Ekuze z'ekikozesebwa biwakoma | Okuddagala + WAF | | Shopify | Obuyinza bwewaka | Okuzatule Waka mu kiseera | | Next.js | Ebyebikozesebwa | Auth middleware + biseera | | Static sites | CDN greet | Review cache rules | | Custom | SQL injection | Parameterized queries |

Okwekenneeya ku mpandi:

  • Bwejja: Okukiliza okwewandiikiddwa (SSL, amasimu, ebikalu)
  • Mu nkyukakyuka: Obuyinza bwekiyitige (npm audit, WordPress plugin scanner)
  • Mu kkumi: Obwenkanzi bwama (nze wansusega)
  • Okukola: Obuyinza bwokukozganya begenda.

Ozzi: Run npm audit (Node.js) oba onkundusee mu lyric ya most CMS plugins.

Mixed Content

Mixed content biva mu HTTPS page ng'aba okwangu ow'ennabinira (ebifaananyi, ebikozesebwa, stylesheets, iframes) mu HTTP. Kino mwesobele, ekitandiko ku browser okuzza.

Ebiwandiiko mu mixed content:

| Ekikuyita | Tumbokyo | Kiri | Omuyitirivu | |------|----------|---------|------------------| | Active | Mu ssaawa | HTTP script, iframe, CSS | Obuyitaba | | Passive | Mu kugenda | HTTP image, video, audio | Kliketa |

Active mixed content ebawa browser okusalira — kei n'ekkubo lyeyita. Passive mixed content lwegussa naye luwandiika ekitandiko.

Okusaba mixed content:

  1. Gumba Chrome DevTools → Console
  2. Tegeka "Mixed Content" ebibasa
  3. Nnyina, genda kuyo omukumbo (Screaming Frog, LANGR)

Ebiwandiiko mu mixed content:

  • Bakoze http:// URLs mu bipangir lye (obuyinza, ebikozesebwa)
  • Ebiwandiiko (ebitandiko)
  • Content (YouTube old embeds, social media widgets)
  • CSS background-image mu HTTP URLs
  • Ebikozesebwa mu HTTP

Okusaba mixed content:

<!-- Bad -->
<img src="http://example.com/image.jpg" />

<!-- Good -->
<img src="https://example.com/image.jpg" />

<!-- Best (protocol-relative, adapts to page protocol) -->
<img src="//example.com/image.jpg" />

Okusinza wo (WordPress):

UPDATE wp_posts SET post_content = REPLACE(post_content, 'http://yourdomain.com', 'https://yourdomain.com');
UPDATE wp_postmeta SET meta_value = REPLACE(meta_value, 'http://yourdomain.com', 'https://yourdomain.com');

Ozzi: Genda ku homepage yo mu Chrome, tentanise F12, tegeka Console ku mixed content ebibasa. Okukolanga ebikola nga by'akola - ebyo bibasa ku Google byemuka.

Eby'okutengenkanya ne Google Safe Browsing

Google yemaka ekiweebwe Kidde ku maaso amaka gudde g'e bijja mu nseku ng'ekika bibasa ezigenda. Okubawa buno abendo kulina okuva mu SEO - Google bakolera amawulire agatutakayo ku kiti, nga tebuluga abatuunde buba okusaba okwetegera.

Ekyogera eby'ewakanise:

  • Ekitundirwa abasinga abakuye mu enäämu (hacked WordPress, etc.)
  • Bamalira obuka obuwakesseru ku mauko obwangya by'obumbwa
  • Ahadi yali mu biseera obunyi data ku bu
  • Amateeka lya 'yempi' mu byenco
  • Abasinga abava wuuta

Kuwola ye Safe Browsing status:

https://transparencyreport.google.com/safe-browsing/search?url=yourdomain.com

Oba mu Google Search Console: Ekifaananyi ky'emmere.

Okubawa:

  • Obulamu bwokolalo fo olumuka (CMS, plugins)
  • Dalu olw'endito, omanya bulungi + 2FA
  • Okwenka ebikya (okusinga taarifa)
  • Runakaliko বুডড বী ীandari kibafu mu walumba
  • Deze omukuba emikolo ertunga
  • Kaluubira nsigo abada abakenisi

Bwetiride wo:

  1. Komya na okumala etemutaka
  2. Okusaba obugumu bwokuyita ku abatuuda
  3. Tewanga nsiko mu Google Search Console
  4. Ekigaba bwebuli kwema 1-3
  5. Teremuka mu nsi mu 30 days (ekitanga kyebayye)

Ozzi: Check your site ku transparencyreport.google.com. Bweekabatu bwebasikyamu, ye nga nkooma ku CMS nazo ndaga.

Ebyokubiri ow'Obulamu SEO Checklist

  • [ ] Okwandikiddwa SSL certificate ngezizigzizyiza
  • [ ] HTTP → HTTPS efuna ku byo (301, tokoya 302)
  • [ ] HSTS ekitandiko nga max-age >= 31536000
  • [ ] Content-Security-Policy ekitandiko ekinaagazzika
  • [ ] X-Content-Type-Options: nosniff
  • [ ] X-Frame-Options: DENY or SAMEORIGIN
  • [ ] Referrer-Policy: strict-origin-when-cross-origin
  • [ ] Permissions-Policy ewaamu ebikozesebwa
  • [ ] Tewali mixed content (HTTP resources ku HTTPS pages)
  • [ ] Tewali sensitive files ezo (.env, .git, config files)
  • [ ] Server version headers ezo
  • [ ] Ebika byekasokola/palgana
  • [ ] Google Safe Browsing status: clean
  • [ ] Ebiwandiiko byenkubawa ne bwaya
  • [ ] SRI hashes ku by'yedndiza.

Ebyokuzdaza Aboulcali (Ku binneyok) mu SEO

  1. Okwandikiddwa SSL certificate — Okuyitibwa okw’amaani + browser warning
  2. Mixed content — Bwebangi bakaisesti ku bwemiyingaza ekiri mu bulamu
  3. Tewali binneyok HSTS — Okuyita nabwe mwesana, okweewandi ikiresisni
  4. Ntiramu CSP — Nkola na ebinyunyuzi besi mulaan/ensula (XSS vector)
  5. Obukya bw'amaani.env ne API kwerime, .git abakawemwako
  6. Siri na kutukana CMS/plugins — Ebikuta ababadde katumba
  7. Ebbosinsana nofe — Kisingibwa abawandi sine badi tebezi
  8. Obujjajamusi ku by'daku — Ebizibu ne tumwanzi abamu bw'ogwamuddo

Ekiri mu Magezi?

Ekisumuluzo 8: AI Visibility — Ekizibu mu SEO mu 2026. Okwemuka kwe Google AI Overview, okutuusa mu ChatGPT, okuka kyendire n'ekya Gemini — kimalako mu nsi y'eyiba mu ku bwetegereza.


Ekikozesebwa kino kiri mu 13-step SEO series ya LANGR. Okwemuka k'ekisumuluzo nga olina ku ttuukiriza mwe 13 disciplines.

Want to know where your site stands?

Run a free SEO audit — it takes under 60 seconds.

Related articles