Chrome Begins Push Towards Browser Warnings for Insecure (Non-HTTPS) Websites
Still haven’t made the jump to a secure website? Google have started to roll out browser warnings in Chrome for sites that non-HTTPS websites – and they are going to get more severe.
You may have noticed that in the most recent update to the Chrome browser insecure sites are now more clearly labelled as such.
Webpages that use HTTPS will have a pad-lock; those that use HTTP, or have an out-of-date SSL certificate, now show an information symbol. When clicked, a message is shown which states ‘Your connection to this site is not private’.
In a recent post on the Google Security Blog by Emily Schechter, the change is discussed, along with future plans for how Google aim to encourage webmasters to adopt HTTPS.
Starting in January 2017 Chrome will highlight HTTP pages that transmit passwords or credit card information as insecure.
Eventually at a future as yet unspecified date Chrome will display an even more severe warning, similar to the image below.
At this point, with the fact that using HTTPS provides a small ranking boost, future browser warning plans, and just the fact that your website users will be more secure – it really is a no-brainer to install an SSL certificate on your website in the majority of situations.
At Search Candy we recently ditched our expensive to renew EV SSL certificate and made use of Let’s Encrypt.
In case you haven’t heard about it, Let’s Encrypt is a free, automated, open certificate authority from the Internet Security Research Group, which is sponsored by Chrome and Mozilla amongst many other organisations.
If you still need convincing, check out this site which shows the difference speed that can be achieved when using HTTPS with HTTP/2 – the latest and fastest revision of HTTP.