Google says its Chrome browser will mark HTTP websites with input fields (such as contact forms or those that require login details) as not secure, starting later this year.
The search engine gave notice of this a few months ago but has now taken the step of formally notifying webmasters who will be affected as the change gets closer.
The notification said, “Beginning in October 2017, Chrome will show the ‘Not secure’ warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.”
The notifications were sent to webmasters via Google Search Console. Sites that are HTTP and have credit card fields and require passwords are already marked as not secure. The additional two scenarios represent a gradual increase of the security protocol, with Google saying in its official post that its efforts have already resulted in a 23% reduction in the “fractions of navigation to HTTP pages with passwords or credit card forms on desktop”.
When the new warning kicks in, HTTP sites will have a ‘Not Secure’ label displayed in the address bar as shown below:
Emily Schechter from the Google Chrome Security Team said more actions should be expected in future, remarking, “Eventually, we plan to show the “Not Secure” warning for all HTTP pages, even outside Incognito mode. We will publish updates as we approach future releases, but don’t wait to get started moving to HTTPS! HTTPS is easier and cheaper than ever before, and it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP.”
If your site is currently a HTTP domain, you will need to migrate to HTTPs before October to avoid your web traffic being warned off visiting your site.
Information Source: Wordtracker
SSL certificates cost from approx £100pa, depending on the quality you’re after or the provider. We can sort all this out for you.
It would take us and hour or 2 to arrange this and to apply it to your website.