Skip to main content
Back to blog

SEO Guide Step 7: Saogalemu — O le Fa'avae e Fa' ухудo e Google i le 2026

·10 min read·by LANGR SEO

SEO Guide Step 7: Saogalemu

O le Faiga 7 lea o le 13-Step SEO Guide. E le o le fa'asaʻoina o tagata o loʻo fa'ailoa mai — e fa'aavanoaina ai ma ta'ita'iga le fa'ailoa i le su'esu'e. E fa'ata'ita'ia le Google HTTPS e avea ma fa'ata'uga i le faiga o le su'esu'e talu mai le 2014, ma ua fa'atele fa'amoemoega.

E masani ai le tausaga e manatu i le 'upega tafa'ilagi o se fa'avasega: "E i ai laʻu SSL, o le mea lea e eseese ai." I le foia, e iloilo e Google le to'atele o fa'avae saogalemu. O le 'upega tafa'ilagi e iai fa'avae saogalemu sa'o, fa'amaonia aoga, ma e leai ni fa'avae pa'u o le a'oa'o i le vaega e iai fa'avae SSL e fa'avae i se fa'avae masani.

O le tala lelei: e naʻo se taimi e fai i le to'atele o fa'avae saogalemu. Fa'atufuga i se taimi, ma e puipuia ai oe i le tumau.

Fa'avae SSL

O le SSL (i tekinolosi TLS) e puipuia le feso'ota'iga i le va o lau server ma bisita. Mai le 2014, ua fa'amaonia e Google HTTPS e avea ma fa'ata'uga i le faiga o le su'esu'e. I le 2026, e le o se fa'asalaga o le le iai o HTTPS - e fa'ailoga e Chrome i le HTTP o le 'upega tafa'ilagi o "E le Saogalemu" i le fa'avaa fa'inomai, fa'ate'a le fa'atuatuaga o tagata.

Fa'avae e tatau ona i ai i le SSL:

| Fa'avae | Fa'amatalaga | Fa'avae e Siaki | |---------|--------------|-----------------| | Fa'amaonia aoga | Fa'amalie = fa'ailoga a le 'aiga = fa'atuai tagata | Fa'amalie le aso e ta'ua | | Fa'avaega uma | E leʻo taua i le soifuaga ile to'atele o masini | Siaki SSL Labs | | TLS 1.2+ | O fa'avae tuai e iai fa'ata'itiga e iloa | Siaki SSL Labs | | Leai SHA-1 | Fa'amaonia, e fa'amaonia e le fa'atinoga | Fa'amatalaga fa'amaonia | | SAN coverage | www ma le non-www e tatau ona i ai le fa'avae | Fa'amatalaga fa'amaonia | | Automa'ota atu | Fa'avae i le fa'amaonia o 'aiga i le leamu | Lets Encrypt / fa'avae fa'avae |

Fa'avae SSL:

100% = Fa'amaonia aoga + Fa'avaega uma + TLS 1.3 + Fa'avae malosi + Automa'ota atu
  0% = Fa'amaonia le le aoga poʻo le le iai

Aiga fa'avae maʻua:

  1. Fa'amaonia expire e aunoa ma se fa'ailoga — Fa'atūina le su'esu'e (Faiga 6) i le itiiti ifo i le 30 aso aʻo le'i fa'avae
  2. Fa'avaega fa'amaonia e le iu — E tatau i le server ona lafoina fa'amaonia 'au intermediate, e le gata i le 'ai
  3. Fea fa'avaa o fa'avae — E fa'asa le fa'avaa HTTP o le faiga HTTPS (ata, scripts, fa'avae)
  4. Vaega fa'alu'pe — HTTP → HTTPS → HTTP pei ona foliga mai i le fa'amolemole CDN/proxy
  5. Lelei- fa'avaega*

Fa'avae sa'o: Pusia lau upega tafa'ilagi i totonu o SSL Labs (ssllabs.com/ssltest). E le lelei i lalo o le fa'aiga "A" e fa'avae i fa'agaoioiga aoga. E to'atele fa'avae su'esu'e e le mafai ona fa'amaonia i se fa'avae e tasi.

Fa'avae Saogalemu

O fa'avae saogalemu o fa'avae fa'avae HTTP e fai ai e le fa'amatalaga a le browser i le taimi e lafo atu ai o lau 'upega tafa'ilagi. E puipuia ai fa'avae avanoa o le avea — ma e fa'ata'ita'iga e le Google crawlers.

O fa'avae saogalemu taua:

Fa'avae Saogalemu i Ta'iala (CSP)

O le CSP o le fa'avae saogalemu e sili ona malosi. E ta'uina atu i le fa'amatalaga i le browser i tusitusiga o fa'avae (scripts, styles, images, fonts) e ogatasi e aunoa ma fa'atuatuga i le laumua.

Content-Security-Policy: default-src 'self'; script-src 'self' https://cdn.example.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.example.com; frame-ancestors 'none';

O le mea e puipuia e le CSP:

  • Fa'avae le fa'ava e le fa'aogaina (XSS)
  • Fa'avae i le fa'aoogaina o fa'ailoga
  • Fa'avae o le fa'amaonia (ma le frame-ancestors)
  • Fa'avae 'aiga 'ai le scripts (cryptominers, ad injectors)

Faiga fa'avae CSP:

  1. Fa'amalie i le Content-Security-Policy-Report-Only (fa'amaonia le fa'avaa aoga e aunoa ma le fa'asa)
  2. Fa'amaonia le fa'avae mo le 1-2 vaiaso
  3. Faatufuga fa'ade'iaوانين
  1. Taumafai e le fa'avea
  2. Fa'aopoopo report-uri po'o le report-to mo le su'esu'e ola

X-Frame-Options

E puipuia lau 'upega tafa'ilagi mai le tu'uina i totonu i le iframes i isi fa'amatalaga (puipui i le clickjacking).

X-Frame-Options: DENY

Po'o le isi e te mana'omia e fa'amalie i le faiga fa'avaa-lelei:

X-Frame-Options: SAMEORIGIN

X-Content-Type-Options

E puipuia le browser mai le MIME-type sniffing (fa'amaonia fa'avae i fa'amaonia fa'avae).

X-Content-Type-Options: nosniff

O lenei tasi e puipuia ai fa'avae i le pa'u e iai se fa'amaoniga i le fa'atonuga o le faiga.

Referrer-Policy

E ofuina i le aofa'iga o fa'amatalaga e fa'asu mai i le fa'aogaina e lafo i se faiga i lau 'upega.

Referrer-Policy: strict-origin-when-cross-origin

E ofuina le fa'amaonia i le ta'o i se 'fa'avae e otu oe e fa'ala'iti ai.

Permissions-Policy

E fa'atonutonu i le faiga e mafai ona fa'aaogaina i lau 'upega tafa'ilagi (kameka, microphone, vaega, i le isi).

Permissions-Policy: camera=(), microphone=(), geolocation=(), payment=()

E taula'i uma le vaega e le'i fuafuaina e fa'aogaina ai i le fa'atekinolosi.

Fa'ata'iga fa'avae (Next.js):

// next.config.js
module.exports = {
  async headers() {
    return [{
      source: '/(.*)',
      headers: [
        { key: 'X-Content-Type-Options', value: 'nosniff' },
        { key: 'X-Frame-Options', value: 'SAMEORIGIN' },
        { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
        { key: 'Permissions-Policy', value: 'camera=(), microphone=(), geolocation=()' },
        { key: 'Strict-Transport-Security', value: 'max-age=31536000; includeSubDomains; preload' },
      ]
    }]
  }
}

Fa'ata'iga fa'avae (Apache .htaccess):

Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

Fa'ata'iga fa'avae (Nginx):

add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

Fa'avae sa'o: Fa'aopoopo uma le fa'avae e 5 i lalo i lau fa'atulagaga server. E fekau e 5 minute ma e mafai ona toe va'ai i lau saogalemu i so'o se masini su'esu'e.

HSTS Preload

O le HTTP Strict Transport Security (HSTS) e ta'uina atu i le fa'amatalaga e fa'amalie ai i le fa'avae ma HTTPS mo lau faiga — e o'o i le taimi e tasi e aunoa ma le lafo lona fa'amaoniga muamua. E le'i fa'aiga HSTS, e mafai ona fa'asa le muamua asiga i lau 'upega i HTTP (maualuga i le fa'ava) a'o le faia le fa'asa i le HTTPS.

Fa'avae HSTS:

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

O le to'atolu o fa'avae:

| Fa'avae | Fa'amatalaga | |---------|--------------| | max-age=31536000 | Manatua lenei mo le 1 tausaga (i le second) | | includeSubDomains | Fa'atulagaga i tamaiti uma | | preload | Talosaga mo le faʻaogaina i fa'avaa i le browser |

HSTS preload fa'avae:

O le saogalemu HSTS i le faigaluega. E ta'onai i tagata o le browser e fa'avae i totonu o le faiga e ta'uina atu i faiga e manaʻomia e fa'aaoga ai HTTPS. O le fa'amaonia o lau faiga i le hstspreload.org e taua:

  • E mafai ona fa'aogaina uma i le HTTPS i le taimi muamua (e leai se HTTP → HTTPS redirection)
  • E le mafai i tagata tāua e te le avanoa i feso'ota'iga
  • E tumau (fa'apea e faigaluega e le mafai ona fa'asa i le taimi e tasi)

Fa'avae mo le HSTS preload:

  1. Fa'amalie HTTPS fa'avae aoga
  2. Le fa'avae uma le HTTP i HTTPS (o le fa'avaa)
  3. Fa'avae HSTS e iai le max-age >= 31536000
  4. Fa'avae HSTS e tatau ona i ai le includeSubDomains
  5. Fa'avae HSTS e tatau ona iai le preload
  6. O tamaiti uma e tatau ona saolu HTTPS

Fa'yin: Ia faavaa i le preload e na'o le fo'i mai o tamaiti uma e ta'uina mai HTTPS. O le 'includeSubDomains' e fa'asi ai i se fa'avaa mo le HTTP e le fa'amaonia.

Fa'avae sa'o: Afai e mafai ona e tuʻuina mai i tamaiti uma e uma HTTPS, fa'aopoopo le fa'avae HSTS atoa ma fa'amaonia i hstspreload.org. E fa'auluina lenei i se vaiaso e tele fa'amatalaga i le auala e.l.

Su'esu'e V vai'i

E faʻapipiʻi le fa'aleaga i le va'aiga ma fa'inaoga o fa'avaa e iloa ai mataupu o le 'i' a fa'aoga le saofai i ai o ia e fa'atufuga ai e le fa'aogaina.

O le su'esu'e i le vaivaiga e siaki:

  • Fa'avae fa'ala'aiga: WordPress, plugins, JavaScript libraries o le nofoaga i le fa'ailoga e te iloa
  • Fa'avaa i le fa'atufuga: .env, .git, wp-config.php, fa'ailoga umi
  • Fa'avaa na'o ia pu'ega: Server fa'avaa, debug faiga, stack traces
  • Fa'avae a'u i le fa'aoga: Fa'afanua fa'aaiga ma le fa'agasologa i se fa'ava
  • Port/services i le su'esu'e: O fa'afu'aga tetele i luga o le internet
  • Fa'avega: Faiga e leai, e leai

Fa'avae i le elei i le fa'amama:

| O le faiga | Ta'ita'iga Fa'avaa | Fa'afa'ia | |--------------|-----------------------|---------| | WordPress | Fa'avaa fa'avae fa'avae | Fa'afana'i + WAF | | Shopify | Matua aiga fa'avasega o faiga | Fa'agae'i ile fa'avae | | Next.js | Fa'avae api e le talia | Fa'amalie faiga + fa'amau | | O faiga static | Fa'avaa to'atele i le fa'avae | Previews bad aiga | | Fa'avaa / e tu'utufuga e fo'ia | SQL fa'ava fa'a | Fuatia fa'avae |

O le vaevaega e le mana'omia:

  • Taeao: Fa'avae i le ta'iao (SSL, fa'avae, fa'avaa i le faiga)
  • Vaitau: Fa'avae i le vaitanuga ai (fa'auniga + fa'avaa mo WordPress)
  • Masini: Faʻamatalaga i le fa'avalue
  • I le taimi e taʻoto ai: Faʻamatalaga i le su'esuʻe

Fa'avaa: Fa'avaa npm audit (Node.js) po'o fa'amalie lau fa'avaa mo plugin i le fa'amatalaga o fa'avae. Fa'amalie i fa'inavae o le tetele/fa'ava.

Mixed Content

O le mixed content o lo'o fa'avae i fa'avaa HTTPS e fa'aminia i le va fa'avaa i HTTP. O le a le fa'aputu pu'inami e break encryption e matuā faʻamolemole.

O ituaiga fa'avae:

| Ituaiga | Fa'avae | Fa'avae | Fa'avaa | |------|----------|---------|------------------| | Fa'avae | Lelei | Fa'avae | Fa'avaa e fa'afa'ali | | Fa'avae | Aiga | Uiga | Fa'ailoga |

E tupu fa'avae e aunoa ma le fa'aofi ai e nei fa'avae po'o le fa'avae HTTPS e fa'oa ia aʻoa'oga. E iai foi faiga e fa'avae i fa'avae i fa'avaa.

Fa'avaa fa'ava:

  1. Fa'avaa e su'esu'e.
  2. Fa'atuina su'esu'e.
  3. Fa'aolai ai moliga.

O vao e leai o deprefakao sa se i fa'ale fa'ava tuai.

Euler: E fa'ataga ia i totonu i luga i

  1. Fa'afa команда
  2. Fa'afa
    3. E le faʻafilemu i luga e te mafai ona aoga mo le telefoni uma.

---
O lenei fa'avaa o le vaega lea o le fa'atalaga o le fa'avae SEO. [Fa'amalie se su'esu'e e leai se totogi](https://www.google.com/search?q=langr+seo+free+audit) e ta'uina mai ai i lau soifuaga e le ta'uina atu i totonu o le fa'avae 13.

Want to know where your site stands?

Run a free SEO audit — it takes under 60 seconds.

Recently Analyzed

fpg.pt75flame.pt82kiosquedaaviacao.pt78alrm.pt87trimetrica.com.pt76stimpostos.pt81

Related articles

SEO Ta'iala Fa'amatalaga 13: E-commerce SEO — Fa'aleleia le Fiji o Oloa i totonu o Masini Fa'atau

A'oa'o i le fa'aleleia o le fatu o oloa, tetele o lau vaega, fa'avae o faʻatau, ma le schema markup mo fale fa'atau e-commerce. O le Ta'iala Fa'atekinolosi Leai 13 o le 13-ta'iala SEO.

11 min read

SEO Fa'avae i le Laasaga 12: SEO I Luga i le Itumalo — Tetele i lau Aiga i siaki fa'atau

A'oa'o le fa'avae i le Local Pack a Google, fa'aleleia lau Google Business Profile, ma fa'atuina se pule i le itumalo. Laasaga 12 o le SEO fa'avae i le 13.

10 min read

SEO Taiala Laasaga 11: B2B Suʻesuʻe o Leai — Faʻaʻatuina ai Faamaoniga SEO i Leai Faʻamaonia

Aʻo leʻi aʻoaʻoina e faaaoga le faamaoniga SEO mo le faiga faakomepiuta o le faatupuina lea, suʻeina o tagata manaʻomia i le auala SEO, faatulagaga o taʻiala e tusa ai ma faamaoniga SEO, ma le faamaualuga e faavae i luga o faʻamataliga SEO. Laasaga 11 o le taiala SEO e 13.

13 min read