Google to Add “Not Secure” Warning for Non-HTTPS Sites in Chrome

Google has announced that later in 2017 they will be adding a new warning for searchers, which will mark websites as “not secure” if they haven’t moved to HTTPS, and are still HTTP.

At the moment Chrome marks HTTP pages as not secure if they contain password or credit card entry fields.

However, in October 2017, Chrome will begin showing the not secure warning when users enter data on an HTTP page, and any HTTP pages that are visited in the private Incognito mode.

The timeline for the Chrome launch can be seen below.

Google has said that since the previous change, there had been a 23% reduction in the fraction of navigations to HTTP pages on desktops that feature password or credit card forms.

This is simply an evolution of Google attempting to make the web more secure, and enticing more webmasters to move over to HTTPS.

Google states:

Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the “Not secure” warning when users type data into HTTP sites.

When users browse Chrome with Incognito mode, they likely have increased expectations of privacy. However, HTTP browsing is not private to others on the network, so in version 62 Chrome will also warn users when visiting an HTTP page in Incognito mode.

Google eventually plans to show the “not secure” warning for all HTTP pages, both in and outside of Incognito mode.

Below you can see an example of how HTTP pages will be treated with user-entered data in Chrome 62:

Google is encouraging everyone to adopt HTTPS, as it is easier and cheaper than ever before. This allows for the best performance that the web has to offer, alongside new features that are deemed far too sensitive for the HTTP alternative.

Not only does HTTPS allow for extra features, but it also boasts other benefits:

  • Ranking boosts for HTTPS websites in search results
  • Protection of user’s sensitive information
  • Increased customer trust and confidence in your brand
  • Eliminate any browser warnings
  • Increased potential of organic search traffic
  • Increased conversions and maximised revenue
  • Decreased chances of phishing or cyber attacks

In the long run, Google ultimately wants to mark any website or web page that is running over HTTP as entirely insecure, though this is obviously something that will take more time. Even in 2016, 34% of all Google search results were HTTPS, and this is only set to increase.

More and more websites have moved over HTTPS, and this is another step from Google that will surely encourage another wave of adoption, meaning there is no reason to wait to make the switch to HTTPS  for your own website.