On Monday, Google’s Ilya Grigorik posted a stern reminder that Google Chrome will start displaying warnings for websites that don’t hold a verification for HTTPS in Chrome 42 (make sure yours is up to date). Also, sites that are non-HTTPS will be flagged as vulnerable.
This anticipated move comes after a proposal from the Chrome Security Team to gradually visibly mark non-secure websites on Chrome in 2015. Google embraced this move to clearly alert users to the fact HTTP sites provide no data security in order to allow internet users to make informed decisions based on the security of all private and authenticated data communications on the internet.
Even prior to the proposal, Google clearly stated their recommendation for secure HTTPS websites, even hinting at a slight ranking signal. This caused the number of secure websites to increase by 3 percent; however, many webmasters ignored the recommendation and the non-HTTPS warning. Now, they are now faced with a potentially significant drop in traffic with the launch of the flagging system.
Google Flags Expired Verifications
Google’s move to warn users of expired website verifications with Chrome comes as no surprise due to their previous testing and announcement. Although Google Chrome only holds about 50 percent of the browser market, this move is certain to detour internet visitors from viewing flagged websites. Since the average website user won’t understand what this warning means, they are likely to exclude the website, causing a significant loss in traffic from Chrome users. Webmasters who fail to take action have the potential to lose as much as half of their website traffic.
Verify Websites with Google Canary
Although HTTPS verification won’t be used as a significant ranking factor, Google recommends secure sites as “good practice,” even for websites that don’t collect personal data. Not to mention, you’ll combat traffic loss and maintain good faith on the internet by holding a verified and secure website.
If you have yet to migrate to an HTTPS site, now is the time to act.
- Get and install a valid certification
- Enable HTTPS on website servers
- Make Intra-site URLs relative
- Redirect HTTP to HTTPS
- Enable Strict transport security and secure cookies.
- Read our full guide here
Once this is complete, Google recommends downloading Chrome Canary to determine a site’s security authenticity. While it’s believed Google will grant a certain grace period for websites, those with expired verifications earlier than 2015 will be flagged and face traffic loss if immediate action is not taken.
While some continue to speculate how this move will play out, you need to be proactive to ensure your site is HTTPS verified to avoid being tarnished by the little red X.