This week Google Chrome (version 62), will begin showing a ‘not secure’ warning on any HTTP pages where a user enters text in a form and for any HTTP page when a user is using an incognito browser. HTTPS has always primarily been used on ecommerce checkout pages, but this update is another move from Google aimed at encouraging websites to migrate to a fully secure site and improve security as a whole on the web.
What are the specifics of the Google Chrome ‘not secure’ update?
- The “Not secure” warning will only show in Chrome version 62
- When not in incognito mode, the warning will only show when entering data into a HTTP page e.g. email sign up form
- When in incognito mode, the warning will show by default on all HTTP pages
Why is Google enforcing sites to move to HTTPS?
Back in 2014, Google first announced that security was one of their top priorities and that had started using HTTPS as a ranking signal.
“We’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
This move was really prompted by Google responding to the growing concern from internet users about their private data.
“89% of British internet users are worried about online privacy”
What type of websites will be impacted most by the Google Chrome not secure warning?
Ecommerce sites yet to make the move to full HTTPS, will bear the brunt of this change and will more than likely see the majority of their pages show as ‘Not secure’ in both incognito and non-incognito mode.
Internet users submit more personal data on ecommerce sites than anywhere else, whilst most of this is usually in secure checkout and account sections, there are still email sign up forms and contact forms that sit on almost every page.
How do I avoid the Google Chrome security warnings being shown for my site?
Google’s advice on this is simple…migrate to HTTPS. If you haven’t yet migrated to HTTPS, you will have received a message in Google Search Console showing the below information:
There are guides and processes available to do this online and this should be done alongside the advice of an SEO agency or SEO manager to avoid any significant and sustained drops in organic traffic.
What are the benefits of switching to HTTPS?
Originally, many businesses had avoided migrating to fully HTTPS as the SEO manager or agency seemed to be the only stakeholder pushing for the move to fully secure. In the last couple of years, there has emerged many more benefits of moving to HTTPS that are backed by other departments within a business.
SEO ranking factor
Google’s first incentive to switch to HTTPS was by dangling the carrot of it being an SEO ranking factor. With Google’s ranking algorithm being so mysterious, some webmasters jumped to benefit from anything that Google confirmed would provide a ranking boost. Despite this announcement being the start of Google’s drive for “HTTPS everywhere”, it was a relatively small boost and many where sceptical of the benefits and chose not to take the risk.
HTTP is a protocol initially defined in 1991, with the last major update (HTTP/1.1) being published in 1999. HTTP has long been due an update and this has finally arrived in the form of HTTP/2. In short, this improvement allows for many more requests for data to run simultaneously, rather than sitting in a queue. This means faster loading pages and better experiences for your customers.
@patriclstox said: “Everyone should be making the move to #http2!”
What does this have to do with HTTPS? Browsers supporting HTTP/2 will only do so for fully HTTPS websites. Therefore, to benefit from the improved performance that HTTP/2 can offer, you need to first switch to HTTPS.
A progressive web app (PWA) allows a site to create an app-like experience of your website without having to develop an actual app. It will create an app icon for smartphones, allow users to browse your site offline and has the functionality to send notifications.
Like HTTP/2, one of the requirements for PWAs is for your site to be fully HTTPS. So, if this is an option that you think you might want in the future, then it might be time to make the move to fully secure.
This update to Chrome browsers aims to make users more aware about the privacy of their data. If a customer is browsing your site in incognito mode or inputting their email address into a sign-up form and sees the not secure warning, they might think twice about shopping on the site or entering their email, potentially resulting in lost conversions.
What are the drawbacks of moving to fully HTTPS?
With there being so many benefits of moving to HTTPS, including potential increases in traffic and conversion rate, why are some websites so reluctant to make the move to fully secure?
Despite the cost of having an SSL certificate is relatively low, in some cases the development cost can be quite high. Large sites with a complicated infrastructure have a lot of work to do to effectively switch from HTTP to HTTPS and some sites don’t feel as though they will see the return on this investment.
Risk of losing traffic
When carrying out any type of site migration, there can be a risk of losing your organic rankings and not recovering. There have been a few cases of this happening and subsequently a lot of pressure is piled on SEOs to ensure any migration goes smoothly.
Concerns of lost SEO traffic and an impact on the bottom line are regularly voiced when a move to fully HTTPS is suggested. But if you follow Google’s guides about moving to HTTPS, any temporary drop in traffic should quickly be restored.
Are you still waiting to move to HTTPS?
If up until this point, you’ve been put off by the negatives of going fully secure, now is the time to make the change to HTTPS. This is not the last move Google and other browsers will make to force sites to go fully secure. Internet users are also becoming savvier and may also only chose to shop on fully secure sites. All this to say that if HTTPS wasn’t front of mind before, you may want to re-visit your SEO roadmap for 2018.
Webmasters HTTPS as a ranking signal June 2014
Econsultancy 89% of British internet users are worried about online privacy: report January 2014
Asos Womens clothing
Source: Why Everyone Should Be Moving To HTTP/2 November 2015