From October 2017, with the release of Chrome version 62, all websites with any kind of text input (form) will require an SSL certificate if they want to avoid a “NOT SECURE” warning being displayed in the address bar.
This is the latest move from Google as it pushes for a safer web and HTTPS as the default browsing standard.
And it’s reminiscent of the path it took towards making Responsive sites the norm.
Source: Google Security Blog
In August 2014, Google announced that HTTPS was to be used as a ranking signal.
At the time, they said
we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
As of November 2016, more than half of Chrome desktop page loads were served over HTTPS, but the company wants to push that as close to 100 percent as possible.
In January 2017, Chrome began marking HTTP pages as “Not secure” if they had either password or credit card fields (inputs).
But from October 2017, the “Not secure” warning will appear when users enter ANY data on an HTTP page, and on ALL HTTP pages visited in Incognito mode.
Source: Google Chromium Blog
Eventually, Google plans to show the “Not secure” warning for all HTTP pages, even outside Incognito mode.
When it does, the HTTP security indicator will be changed to the red triangle that is currently used for broken HTTPS pages.
Source: Google Security Blog
What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between the user's computer and the site.
What does it do?
HTTPS is a more secure version of the HTTP protocol used on the internet to connect users to websites.
Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:
- Encryption—encrypting the exchanged data to keep it secure
- Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
- Authentication—proves that your users communicate with the intended website, builds user trust, which translates into other business benefits.
How does this affect me?
Users expect a secure and private online experience when using a website and HTTPS enabled websites are regarded as more trustworthy for visitors.
Google has said that traffic to pages it has marked "Not Secure" has dropped by 23%.
Various search engines have recently also started favouring HTTPS enabled websites when displaying web search results.
Some commentators have expressed concern at the timing, so close to Christmas, saying that retailers may be adversely affected.
Making the switch
Google classifies this as a site move with url changes. As with any significant change to a site, you may experience ranking fluctuations while Google re-crawls and re-indexes your site. As a general rule, a medium-sized website can take a few weeks for most pages to move in the index; larger sites can take longer.
A security (SSL) certificate must be obtained as part of enabling HTTPS for your site.
The good news is that SSL certificates are not expensive. We can obtain the certificate and perform the migration with minimal disruption. What's more, HTTPS does not impact your site's performance.
Business owner, Graphic designer, Web developer, Brand and marketing strategist, Adobe Creative Cloud wizard, Business Catalyst Premium Partner, Adobe Community Professional, Passionate Liverpool FC supporter, Muse Advisory Board Member, Semi-retired (tried and failed at least 17 times) Futsal player for Dribblers FC and Toothless Tigers, BC Sandpile activist, Liverpool International Academy and Burwood FC coach, can juggle and do over 1,000 keepie-ups (just not at the same time - come on!)