SEO Guide Step 7: Obulamu — Ekifaananyi Google Ekyetaagisa mu 2026
SEO Guide Step 7: Obulamu
Ekisumuluzo kino kiri mu 13-Step SEO Guide. Obulamu si kusiima abayizi nyo — kikola ku kitiibwa kyo ku nseko. Google yakozesa HTTPS ng'ekikozesebwa mu kutulaganya okuva mu 2014, era ebiteeso byongedde okunaddirira.
Abaziyizi abasinga bategeera obulamu ng’ekintu ekiri ku mwanya gumu: "Tulina SSL, tuli mu bulamu." Mu nkyukakyuka, Google ekola ku nsonga z'abulamu eziriko amapeeka. Ebisale nga bisanga amasinzi g'ekikozesebwa ky'amasimu, amawandiiko ag'ekikozesebwa, n'okusaba ennyo, birina okufuna ebisanyizo ebitalina SSL ekya bulijjo — bw'ogudde nga ebyo binaamateeke.
Ebikyusa: Ebbulamu erimu eddako lyayo mu kutabaanyisa. Omaliriza okukola obulamu ku busobozi bumu, era zijja kukusongereza mu byokuyita.
SSL Configuration
SSL (technically TLS) ekola ku müqera ogusobola okusalinamu n'abalaba. Mu kkumi eza 2014, Google ekirangika wikiri HTTPS nga ekikozesebwa mu kutabaniya. Mu 2026, okusalira SSL kukyadduka si wo kyokka beeyita mu kukyusa, waholayo HTTP y'ekitiibwa ogubaddewo obuyinika ku basinzira.
Ebyetaago eby'ekika ky'SSL:
| Ebyetaago | Kiki | Otwolako Okwetegereza | |-----------|------|----------------------| | Okwandikira kwalina okufunirwa | Buwaka = ampeera ya bharowa = abaziyizi bafa | Tuwandiike ow'ekyokulabira | | Zaana ezireeta | Ebize mupya - zifuuka ku mateeka g'te kinuzi | SSL Labs test | | TLS 1.2+ | Enkugga ezidala ziri mu mbeera | SSL Labs test | | Tewezisa SHA-1 | Zikugula, ampeera ziteeka | Wandiika ku byawandiikidwa | | SAN ekirina ekizikuba | www ne non-www byetaagisa okubiddwa | Wandiika ku byawandiikidwa | | Okwesigamizibwa mu kutandikibwa | Kivve eddako okuyingiza | Let's Encrypt / omuteekemuko |
Ebyateekeddwa ku SSL:
100% = Okwandikiddwa + Zaana ezireeta + TLS 1.3 + Cipher eyekika + Okwesigamizibwa mu kutandikibwa
0% = Okwandikiddwa okasokose ettemu
Ebyokulabirako mu SSL:
- Okwandikiddwa okatandika okumala — Teekwa mu nkyukakyuka (Ekisumuluzo 6) okung'abakisaa nga 30 days mberi
- Zaana zikezika — Server tezika balina obulungi bwokulwanagana, saako omuwandiiko
- Obusanduuko obuziba — HTTPS pumikiriza HTTP ebikola (ebikakali, ebikatikale, obukodyo)
- Obutalina muzizukiriza — HTTP → HTTPS → HTTP obusanduka obukozesebwa
- Obulamu bwa hwekuya — Okwandikiddwa eya kimu naye obulamwi teyawanga
Ozzi: Kola nkola ennyungira - genda ku SSL Labs (ssllabs.com/ssltest). Buli mubasa omukisa oguli mu "A" tangali munfufunya. Ekitabi e mikutu egimeka ku nsingo zino okufuna okukozi.
Obulamu bw'amasimu
Obulamu bw'amasimu buva mu HTTP ekitondera ekitanukiramu ky'ekizikuba ku nkolagana ey'okukola mu Basi. Bujja kennyambala ebikozesebwa byobulamu — era Google eyagaba mu kukola.
Ebigyenda mu masimu:
Content-Security-Policy (CSP)
CSP ye kye kimu ekikaa ky'amasimu. Kiki kye kizuukidya mu nkolagana ya (ebikata, obukodyo, ebifaananyi) bw'obweka obwetegere.
Content-Security-Policy: default-src 'self'; script-src 'self' https://cdn.example.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.example.com; frame-ancestors 'none';
Kiki CPI ky'ekyusiza:
- Obukage okuzungula (XSS)
- Ebiseera ebikengera
- Clickjacking (nga
frame-ancestors) - Okukola okwefuna ku bupya (cryptominers, abakozi b'amasimu)
CSP eyo ennyingi:
- Tandika ne
Content-Security-Policy-Report-Only(okwereza ku buleso nga tewefuna) - Tuwezesa ow'ekiri ku mpandi
- Wandiike ku nsonga ezisembayo
- Njaga ku murundi ogwenkanzi
- Wandiike ku
report-uriobareport-toku kudda k'ekirina
X-Frame-Options
Ekitandiko ky'obalemu ku maawega mu olo ovo mu byekikozesebwa (okwegatta ku clickjacking).
X-Frame-Options: DENY
Oba bw'oleeta kuwoza kubanga basoluzi nga baari mu:
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options
Ekitandiko ky'obalemu ku crumbs seka y'obasimu (okuzitema maanyi mu mberera z'obuyinika).
X-Content-Type-Options: nosniff
Ekizikuba kino kisalirako eby'ekusooka bw'ombaliramu obulungi bdando bisakiriza browser.
Referrer-Policy
Ekola ku kayinda baasa ababeera ng'aluukirira abataze otuwandiika blaa.
Referrer-Policy: strict-origin-when-cross-origin
Ekitandiko kya kimu ku nsonga eyangukiriza ebinjaa ebyemizannyo.
Permissions-Policy
Ekola ku maanyi g'amasimu (kamera, microphone, g'e’olakuruga, etc.) okukozesebwa mu w’engnizo.
Permissions-Policy: camera=(), microphone=(), geolocation=(), payment=()
Okutweeza amanyi g'ekikozesebwa, kyekuzita kkoloni ezirembako zaana z'obuwangugazi.
Okwesigatuza ku kye gikuze (Next.js):
// next.config.js
module.exports = {
async headers() {
return [{
source: '/(.*)',
headers: [
{ key: 'X-Content-Type-Options', value: 'nosniff' },
{ key: 'X-Frame-Options', value: 'SAMEORIGIN' },
{ key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
{ key: 'Permissions-Policy', value: 'camera=(), microphone=(), geolocation=()' },
{ key: 'Strict-Transport-Security', value: 'max-age=31536000; includeSubDomains; preload' },
]
}]
}
}
Okwesigatuza (Apache .htaccess):
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Okwesigatuza (Nginx):
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
Ozzi: Wongela amagezi gonna 5 mu nsingo y'akolisiza. Kino kyekkoligana kumanyi n'okukola ebikozesebwa mukan masses.
HSTS Preload
HTTP Strict Transport Security (HSTS) oliva abasa mu HTTPS ku faidi y'oluzi — ng'oyiviramu eddako ly'ekalata. Wangi mu HSTS, okuzikiza abasa bay otingira ku HTTP (okwagala okukalanako) ssaako eddako nga balina HTTPS.
HSTS ekitandiko:
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Ebikutuza:
| Ekikutuza | Kiki | |-----------|------| | max-age=31536000 | Tandika ebigenda mu mwaka 1 (mu s) | | includeSubDomains | Kubeera mu subdomains nobuzibegye | | preload | Osaba okukubakansako mu mmasomo g'obugumu |
HSTS preload list:
Olukuba lwa HSTS ogutatu. Abayizi basanga abalina list egahando agabaaga ng’ekikozesebwa wa HTTPS. Osaba kugwala abasa ku hstspreload.org kiva:
- Abayambalira ba okusaba bazisa HTTPS bw'egana (to feel HTTP buvuya)
- Tewetteka noobw’omu mu kwika
- Ebono (etodo teziwuza)
Ebyetaago ku HSTS preload:
- Ekitakadde HTTPS kungenda
- Zakoza HTTP ataba HTTPS
- HSTS ekitandiko nga
max-age>= 31536000 - HSTS ekitandiko kirimu
includeSubDomains - HSTS ekitandiko kirimu
preload - Subdomains zonna ziteekeddwa HTTPS
Obutakakasa: Osaze ku gattu obutaleeta HSTS preload bw'ekirina HTTPS okuziko. Okweteekako includeSubDomains tulina kyangu etema wabula HTTP subdomain ekuteekeddwa.
Ozzi: Obutakiro Hz mu subdomains zonna, weka wa 'HSTS' ekitandiko ky'ekiketeuka ne ogezesa hstspreload.org. Kisa akakola akongera osaba kiteekwa kugeza.
Okwekenneenya Bizingabiri
Okwekenneenya okw'abalamu ku bizinga ebisinga okwekenne kuita embeera esimaka kwendaabwe mu nkukozesa.
Okwekenneenya ebizibu bikenndemo:
- Siri ku bwakate: WordPress, plugins, JavaScript libraries z'amaanyi akindumu
- Ebigambo ekikangabana:
.env,.git,wp-config.php, database dumps - Okwengyazibwa: Server version headers, debug mode, stack traces
- Ebyakasi: Admin pages okufuna
- Banzimbye/oba Ebyangabi: Ebiyinza na kusiima ku biseera
- Okwetta: Ebyemiziyogo, nsonyi za tinta
Okwekenneeya ezivanio ku mpakasa:
| Platform | Obuzibu Obuwekubirako | Okukyusa | |----------|-----------------------|----------| | WordPress | Ekuze z'ekikozesebwa biwakoma | Okuddagala + WAF | | Shopify | Obuyinza bwewaka | Okuzatule Waka mu kiseera | | Next.js | Ebyebikozesebwa | Auth middleware + biseera | | Static sites | CDN greet | Review cache rules | | Custom | SQL injection | Parameterized queries |
Okwekenneeya ku mpandi:
- Bwejja: Okukiliza okwewandiikiddwa (SSL, amasimu, ebikalu)
- Mu nkyukakyuka: Obuyinza bwekiyitige (npm audit, WordPress plugin scanner)
- Mu kkumi: Obwenkanzi bwama (nze wansusega)
- Okukola: Obuyinza bwokukozganya begenda.
Ozzi: Run npm audit (Node.js) oba onkundusee mu lyric ya most CMS plugins.
Mixed Content
Mixed content biva mu HTTPS page ng'aba okwangu ow'ennabinira (ebifaananyi, ebikozesebwa, stylesheets, iframes) mu HTTP. Kino mwesobele, ekitandiko ku browser okuzza.
Ebiwandiiko mu mixed content:
| Ekikuyita | Tumbokyo | Kiri | Omuyitirivu | |------|----------|---------|------------------| | Active | Mu ssaawa | HTTP script, iframe, CSS | Obuyitaba | | Passive | Mu kugenda | HTTP image, video, audio | Kliketa |
Active mixed content ebawa browser okusalira — kei n'ekkubo lyeyita. Passive mixed content lwegussa naye luwandiika ekitandiko.
Okusaba mixed content:
- Gumba Chrome DevTools → Console
- Tegeka "Mixed Content" ebibasa
- Nnyina, genda kuyo omukumbo (Screaming Frog, LANGR)
Ebiwandiiko mu mixed content:
- Bakoze
http://URLs mu bipangir lye (obuyinza, ebikozesebwa) - Ebiwandiiko (ebitandiko)
- Content (YouTube old embeds, social media widgets)
- CSS
background-imagemu HTTP URLs - Ebikozesebwa mu HTTP
Okusaba mixed content:
<!-- Bad -->
<img src="http://example.com/image.jpg" />
<!-- Good -->
<img src="https://example.com/image.jpg" />
<!-- Best (protocol-relative, adapts to page protocol) -->
<img src="//example.com/image.jpg" />
Okusinza wo (WordPress):
UPDATE wp_posts SET post_content = REPLACE(post_content, 'http://yourdomain.com', 'https://yourdomain.com');
UPDATE wp_postmeta SET meta_value = REPLACE(meta_value, 'http://yourdomain.com', 'https://yourdomain.com');
Ozzi: Genda ku homepage yo mu Chrome, tentanise F12, tegeka Console ku mixed content ebibasa. Okukolanga ebikola nga by'akola - ebyo bibasa ku Google byemuka.
Eby'okutengenkanya ne Google Safe Browsing
Google yemaka ekiweebwe Kidde ku maaso amaka gudde g'e bijja mu nseku ng'ekika bibasa ezigenda. Okubawa buno abendo kulina okuva mu SEO - Google bakolera amawulire agatutakayo ku kiti, nga tebuluga abatuunde buba okusaba okwetegera.
Ekyogera eby'ewakanise:
- Ekitundirwa abasinga abakuye mu enäämu (hacked WordPress, etc.)
- Bamalira obuka obuwakesseru ku mauko obwangya by'obumbwa
- Ahadi yali mu biseera obunyi data ku bu
- Amateeka lya 'yempi' mu byenco
- Abasinga abava wuuta
Kuwola ye Safe Browsing status:
https://transparencyreport.google.com/safe-browsing/search?url=yourdomain.com
Oba mu Google Search Console: Ekifaananyi ky'emmere.
Okubawa:
- Obulamu bwokolalo fo olumuka (CMS, plugins)
- Dalu olw'endito, omanya bulungi + 2FA
- Okwenka ebikya (okusinga taarifa)
- Runakaliko বুডড বী ীandari kibafu mu walumba
- Deze omukuba emikolo ertunga
- Kaluubira nsigo abada abakenisi
Bwetiride wo:
- Komya na okumala etemutaka
- Okusaba obugumu bwokuyita ku abatuuda
- Tewanga nsiko mu Google Search Console
- Ekigaba bwebuli kwema 1-3
- Teremuka mu nsi mu 30 days (ekitanga kyebayye)
Ozzi: Check your site ku transparencyreport.google.com. Bweekabatu bwebasikyamu, ye nga nkooma ku CMS nazo ndaga.
Ebyokubiri ow'Obulamu SEO Checklist
- [ ] Okwandikiddwa SSL certificate ngezizigzizyiza
- [ ] HTTP → HTTPS efuna ku byo (301, tokoya 302)
- [ ] HSTS ekitandiko nga max-age >= 31536000
- [ ] Content-Security-Policy ekitandiko ekinaagazzika
- [ ] X-Content-Type-Options: nosniff
- [ ] X-Frame-Options: DENY or SAMEORIGIN
- [ ] Referrer-Policy: strict-origin-when-cross-origin
- [ ] Permissions-Policy ewaamu ebikozesebwa
- [ ] Tewali mixed content (HTTP resources ku HTTPS pages)
- [ ] Tewali sensitive files ezo (.env, .git, config files)
- [ ] Server version headers ezo
- [ ] Ebika byekasokola/palgana
- [ ] Google Safe Browsing status: clean
- [ ] Ebiwandiiko byenkubawa ne bwaya
- [ ] SRI hashes ku by'yedndiza.
Ebyokuzdaza Aboulcali (Ku binneyok) mu SEO
- Okwandikiddwa SSL certificate — Okuyitibwa okw’amaani + browser warning
- Mixed content — Bwebangi bakaisesti ku bwemiyingaza ekiri mu bulamu
- Tewali binneyok HSTS — Okuyita nabwe mwesana, okweewandi ikiresisni
- Ntiramu CSP — Nkola na ebinyunyuzi besi mulaan/ensula (XSS vector)
- Obukya bw'amaani —
.envne API kwerime,.gitabakawemwako - Siri na kutukana CMS/plugins — Ebikuta ababadde katumba
- Ebbosinsana nofe — Kisingibwa abawandi sine badi tebezi
- Obujjajamusi ku by'daku — Ebizibu ne tumwanzi abamu bw'ogwamuddo
Ekiri mu Magezi?
Ekisumuluzo 8: AI Visibility — Ekizibu mu SEO mu 2026. Okwemuka kwe Google AI Overview, okutuusa mu ChatGPT, okuka kyendire n'ekya Gemini — kimalako mu nsi y'eyiba mu ku bwetegereza.
Ekikozesebwa kino kiri mu 13-step SEO series ya LANGR. Okwemuka k'ekisumuluzo nga olina ku ttuukiriza mwe 13 disciplines.