Google Chrome to Show Security Warnings on HTTP Pages


As we know Google is all about improving the web and the way we interact with websites and its desire to create a more secure internet. To give you a little backstory, in August 2014 Google announced a call for HTTPS to be used everywhere on every website by giving a Google search ranking boost for websites with HTTPS encryption. With the latest update from Google Search Console, we see that Google wants to push even further with their secure internet concept by adding a “NOT SECURE” warning when users enter text in a form on an HTTP page using Google Chrome browser.

What is HTTPS?

(HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website are encrypted. Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:

  1. Encryption—encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages, or steal their information.
  2. Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
  3. Authentication—proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.

What’s Happening after October 2017?

Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode. The new warning is part of a long-term plan to mark all pages served over HTTP as “not secure”.

How to fix it?

  1. Switch your site from HTTP to HTTPS
  2. Use robust security certificates
  3. Use server-side 301 redirects
  4. Verify that your HTTPS pages can be crawled and indexed by Google
  5. Support HSTS
  6. Consider using HSTS preloading

If all of the above sounds gibberish to you, but you have a website that you want to secure, give us a call or email us, if you are an existing client of digilite watch out for an email from our team regarding the above-mentioned article.