Google Chrome’s ‘Not Secure’ warning for HTTP sites.

Earlier this year, Google announced a new update to Google Chrome coming in October 2017.

This update means that you’ll see a ‘Not Secure’ warning on HTTP websites that have text fields—this might be a contact form, newsletter signup, or site search field.

For clarity, if you haven’t noticed a ‘https://’ at the start of a web address, or a green ‘lock icon’ right next to it, you are browsing an HTTP website.

Yep, you guessed it—that’s almost every website you’re now thinking about.

HTTP, or Hypertext Transfer Protocol, is the fundamental language spoken between your browser and servers, enabling the exchange of information on the World Wide Web.

This Chrome update is a big one, with the potential for real repercussions. The change is part of Google’s ongoing push towards more secure web experiences, worldwide.

Here’s what it will look like when you try and type something into a text box on an HTTP site.

Typing into a text box on a HTTP site—spot the ‘Not Secure’?

If you’re browsing using Google’s Incognito mode, a warning will appear anytime you’re on a HTTP website—regardless if it has a text field or not. The image below shows the differences between the current version, Chrome 61, and the new version, Chrome 62.

Outside Incognito mode vs inside incognito mode. Old vs new.

In future, Google plans to show the ‘Not Secure’ warning on all HTTP pages, even outside of incognito mode.

Staying on the front foot, Google has started ramping up activity by sending email warnings via Google Search Console, a Google performance tool for Webmasters, to website owners that will be affected.

Here’s what the email looks like:

Google’s email warnings sent via Google Search Console.

What does this mean for HTTP websites?

People visiting HTTP sites and filling in forms on any browser are vulnerable to having their information stolen or misused.

Google Chrome will start warning users that the website they’re on is ‘Not Secure’. The impact could be that people start to lose trust in sites that aren’t secure.

As a result, conversion rates for HTTP sites could suffer: no one likes an insecure site.

According to w3schools.com, Google Chrome is the most commonly used browser, with 76.7% people choosing Chrome in July 2017. That’s a landslide majority of users around the world.

So how can HTTP sites respond to the update?

People who own HTTP websites can switch their sites over to https. By doing this, you’re enabling security through what’s known as an SSL Certificate. This type of security encrypts your data when it is transferred between users and websites. Think of it as a secret language that only your website and browser understand.

To add this level of security to your site, you’ll need to register for an SSL Certificate and migrate your site to the new https version.

Where your site is managed or hosted by an agency or provider, they can normally assist you with this change.

If you’re going DIY, Google provides some information on how to do this here.

Not only will https websites provide users with a secure searching experience, and peace of mind when submitting sensitive info—but your site will also receive a slight ranking boost, as https is one of the ranking factors used in Google’s search algorithms.

Keep your site up to date, and be conscious of Google Chrome updates. We recommend registering for an SSL Certificate if you don’t already have one. It doesn’t take long, and you can do it before October so you’re ahead of the game.