Google Chrome will mark Non-HTTPS Page Forms as “Not Secure”

If your website is still an HTTP website and has forms, login fields or other forms of input, Google’s Chrome browser will begin marketing these as not secure.

Google has sent out email notifications through Google Search Console on accounts that feature forms or other input fields on web pages over HTTP.

What does this mean for a Non-HTTPS website?

Any pages showing fields over HTTP will be explicitly marked as not secure from Chrome 62, in October 2017.

This notification has come up previously for other purposes, but the flagging as not secure for forms is entirely new.

The notification says as follows:

Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.

The following URLs on your site include text input fields (such as < input type=”text” > or < input type=”email” >) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data.

In the warning, Google states:

The new warning is part of a long-term plan to mark all pages served over HTTP as “not secure”.

Why is Google doing this now?

Google has long been championing the benefits of HTTPS, and overall this provides a better experience for Google users, whilst also encouraging webmasters to adopt HTTPS.

HTTPS is inevitable at this point, and if you aren’t already HTTPS it should be on your radar.

Google’s explanation for the future is as follows:

Eventually, we plan to show the “Not secure” warning for all HTTP pages, even outside Incognito mode. We will publish updates as we approach future releases, but don’t wait to get started moving to HTTPS! HTTPS is easier and cheaper than ever before, and it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP. Check out our set-up guides to get started.

How do I fix the issue?

Google’s solution for the issue is what really matters, and it’s simply to migrate to HTTPs.

“To prevent the “Not Secure” notification from appearing when Chrome users visit your site, only collect user input data on pages served using HTTPS.”

If you haven’t already made the switch to HTTPS, then there’s never been a better time. It has many benefits aside from the additional security, including better search engine rankings, and the fact you will avoid penalties from Google.

If you need a hand with the switch to HTTPS, get in touch with the team at Xanthos.