On Monday, Google’s Ilya Grigorik posted a stern reminder that Google Chrome will start displaying warnings for websites that don’t hold a verification for HTTPS in Chrome 42 (make sure yours is up to date). Also, sites that are non-HTTPS will be flagged as vulnerable.
Game Changer, Chrome 42 to Show Warnings for non-HTTPS
This anticipated move comes after a proposal from the Chrome Security Team to gradually visibly mark non-secure websites on Chrome in 2015. Google embraced this move to clearly alert users to the fact HTTP sites provide no data security in order to allow internet users to make informed decisions based on the security of all private and authenticated data communications on the internet.
Even prior to the proposal, Google clearly stated their recommendation for secure HTTPS websites, even hinting at a slight ranking signal. This caused the number of secure websites to increase by 3 percent; however, many webmasters ignored the recommendation and the non-HTTPS warning. Now, they are now faced with a potentially significant drop in traffic with the launch of the flagging system.
Google Flags Expired Verifications
Google’s move to warn users of expired website verifications with Chrome comes as no surprise due to their previous testing and announcement. Although Google Chrome only holds about 50 percent of the browser market, this move is certain to detour internet visitors from viewing flagged websites. Since the average website user won’t understand what this warning means, they are likely to exclude the website, causing a significant loss in traffic from Chrome users. Webmasters who fail to take action have the potential to lose as much as half of their website traffic.
Verify Websites with Google Canary
Although HTTPS verification won’t be used as a significant ranking factor, Google recommends secure sites as “good practice,” even for websites that don’t collect personal data. Not to mention, you’ll combat traffic loss and maintain good faith on the internet by holding a verified and secure website.
If you have yet to migrate to an HTTPS site, now is the time to act.
- Get and install a valid certification
- Enable HTTPS on website servers
- Make Intra-site URLs relative
- Redirect HTTP to HTTPS
- Enable Strict transport security and secure cookies.
- Read our full guide here
Once this is complete, Google recommends downloading Chrome Canary to determine a site’s security authenticity. While it’s believed Google will grant a certain grace period for websites, those with expired verifications earlier than 2015 will be flagged and face traffic loss if immediate action is not taken.
While some continue to speculate how this move will play out, you need to be proactive to ensure your site is HTTPS verified to avoid being tarnished by the little red X.
Sources
- “Google Chrome Wants to Warn Users Before Visiting All Non-HTTPS Sites” The SEM Post
- “Google’s Change to Chrome Showing non-HTTPS Site Warnings Launching in Chrome 42” The SEM Post
- “How to Migrate to HTTPS” Google
In one sense, it’s a great move to ensure users’ safety and security, and in another sense, Overkill! If our subscription pages and all user data related interior pages are SSL secure, does our Home page reeeeaaaally need to be flagged as dangerous? And how many people with their own websites and pages for things from Knitting tips to, in one case, a memorial for a deceased friend, will know to do this? How many of their viewers will understand enough of what it means to continue on to such a site? It’s smart for business situations (more or less), and anti-open-ethos-of-the-web for all other sites.
Our website is not https. How come I don’t see any of these warnings in Chrome 42?
Right now if you downloand canary, there is an error. But you need to click on the tab to reveal it.
http://www.thesempost.com/chrome-showing-non-https-sites-warning/
This is from the article: It isn’t clear whether sites that are completely unsecure will display the https crossed out in red, as the current version of Chrome Canary does not yet display the newer style like the screenshot that Ilya Grigorik posted, but we might learn more as release is closer.