Google to show non-HTTPS sites as ‘Not Secure’

You will soon need https if your site exchanges data.

Image Source: https://www.flickr.com/photos/111692634@N04/15946683492/ & www.bluecoat.com

We always seem to visit the subject of http V https from time to time and here we are again with another post on the topic. This is quite an important post as it crystallises and pushes forward some of the things we have mentioned and suggested about https before.

The latest piece of news concerns a change which is about to come into force during October 2017. This is not a ‘shock horror’ change, as reports about this move have been in the press for some time. However if you weren’t aware of it, then now is certainly the time to take note.

If you have a website and have contact forms, login portals where people can access your site, or some kind of other facility where data is exchanged then from October, if these pages are not https then Google will mark them as Not Secure using the Chrome 62 browser.

There are also further extensions to this new rule, and it means that a not secure message will also be shown when:

1) Any kind of data is entered by users on a http page, or,

2) All http pages that a user access when using the ‘incognito mode’ option.

According to reports, emails have been sent out by Google informing people that this will soon be happening. The messages were entitled “Chrome will show security warnings for http… The email message is also said to give an explanation on how to add https and more details relating to this point / topic.

It is perhaps obvious why this change is about to occur but it does mark a more accelerated push towards https. We have heard a lot of stories about unsecure data over recent months and years and Google firmly sees this as one step in getting to grips with this. One step is the important point however – keeping data and security safe is a seemingly never ending concept but any further drive towards enhancing this can only be welcome.

In terms of the ordinary person and their website, the change may not even affect them since it would be reasonably fair to say that most websites where some kind of data exchange is involved are https secure anyway (think of your bank, supermarket or other shopping website for example.) However for those that aren’t, they really need to implement this change quickly as the potential worst case scenario could be losing traffic and ultimately customers and business, because when visitors get Google’s message they may believe what they are about to be doing is not safe.

Whilst the obvious security benefits of this are not in doubt, on reflection, this does look like something that could hamper small business or smaller companies generally. Larger businesses are likely to have exhaustive and comprehensive website platforms in place that can easily deal with changes likes this or be advanced enough to have covered them in the first place. Smaller businesses by comparison may not have the capacity or resources to be able to do this, and therefore could they potentially be punished in ways we have described? Will be interesting to see whether someone takes this one up!

View our case studies (new added) to find out how we have helped our clients.

Back to Blog