Blog

Google tightens noose on HTTP: Chrome to stick 'Not secure' on pages with search fields

SSL browser check

WE CAN HELP YOU SWITCH TO HTTPS

On October 27, a new version of the Chrome browser will be introduced. Google is giving web developers six months to prepare for the next phase of its plan to mark all HTTP pages as ‘Not secure’.

October will mark stage two of Google’s plan to label all HTTP pages as ‘Not secure’ in Chrome.

In January, Google started to label some pages in HTTP as non-secure with the release of Chrome 56. This phase affected pages that transmit sensitive information such as login and payment-card data on the web.

The not-secure label indicated that data is being exchanged on an unencrypted connection. HTTPS, the secure version of HTTP, offers better protection against someone on the same network viewing or modifying the traffic, in what is known as a man-in-the-middle attack.

Browser SSL padlock checkBeginning in October, Chrome will label HTTP pages as insecure if users can input any data. Google highlights this will apply to any page with a search box.

“Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the ‘Not secure’ warning when users type data into HTTP sites,” said Emily Schechter, a Chrome Security Team product manager.

The expanded warnings for HTTP pages will are likely to add pressure on site owners to acquire the necessary SSL/TLS certificates and setup HTTPS on their web servers. Also, warnings for any user-input field cast a wider net than login and payment pages, given the frequency of pages with a search box.

Site owners have about six months from now to enable HTTPS with Chrome 62 due for stable release on October 24.

WE CAN HELP YOU SWITCH TO HTTPSFirefox maker Mozilla hasn’t yet said whether it will follow Chrome’s new user input warnings, but it also began displaying ‘in-context’ warnings for payment and login pages in January.

One site owner discovered the consequences of not enabling HTTPS on payment and login pages in March, and, amusingly, filed a bug report to Mozilla requesting the warnings be removed.

Chrome 62 will also introduce warnings for all HTTP pages when the user selects Chrome’s Incognito mode.

“When users browse Chrome with Incognito mode, they likely have increased expectations of privacy. However, HTTP browsing is not private to others on the network, so in version 62 Chrome will also warn users when visiting an HTTP page in Incognito mode,” said Schechter

Google hasn’t said how or when it will expand non-secure warnings to more HTTP pages but it will eventually label all HTTP pages insecure. When that happens, it will display ‘Not secure’ in red, which is today only used for broken HTTPS.

The other reason Google is dragging the web towards HTTPS is to support its push for developers to adopt progressive web apps through JavaScript ‘service workers’. These sit between the browser and network to enable offline and background syncing features and require HTTPS to be enabled.

According to Google’s HTTP Transparency Report, over half of all pages are viewed over HTTPS on the desktop. For Chrome OS, 71 percent of pages are loaded over HTTPS, while 58 percent are for Chrome on Windows. While it is becoming more common for sites to enable HTTPS, dozens of the world’s most popular sites still have not.

WE CAN HELP YOU SWITCH TO HTTPS

Requests a Quote

    Categories

    Latest Topics

    Google Analytics 4, Is your website ready?

    If you use Google Analytics and have not upgraded to the latest GA4 then on 1st July 2023 you will stop receiving tracking data You need to make your your site is updated with the new GA4 tracking code If your website was built before October 14, 2020, you’re probably...

    The Benefits of Having Your Website in Multiple Languages

    We now live in a time when our first instinct is to turn to the web whenever we’re considering buying something. We perform an online search on the brand or go directly to the company’s website. Even when other people make recommendations via peer-to-peer marketing,...

    SiteGround Web The Best Hosting Services for WordPress

    AN IN-DEPTH REVIEW OF SITEGROUND HOSTING PLANS AND SERVICES Do I recommend it? Yes! SiteGround is a great web host for websites of all sizes. SiteGround is one of the most popular web hosting services out there—and for good reason. They offer hosting options and plans...

    What is SEO? the Beginner’s Guide to Search Engine Optimization

    WHAT IS SEO? SEO (Search Engine Optimization) is the marketing process to increase visibility within the organic search results, for the specific purpose of obtaining more traffic for a website. HOW SEO WORKS Every major search engine such as Google, Bing, and Yahoo...

    How to Create a Multilingual WordPress Site with WPML

    Do you want to make your website available in multiple languages? By default, WordPress does not come with features required to create a proper multilingual site. That’s why in this tutorial, we will show you how to create a multilingual WordPress site with the...

    10 Things to remember before launching your WordPress web site

    When building a WordPress site, there’s a number of things you should do prior to launching it. From content to design to the legalities of setting up your site, check below for some essential things to check off before your site is viewable to the world.  1. BE...

    Stripe vs PayPal and Payment Gateways: Who should you choose?

    https://stripe.com You've been hearing more and more about Stripe, the hottest new payment processor on the block. But what about PayPal? They have a trusted brand and a long history of processing payments on the web. Let's do a thorough review of Stripe vs PayPal....

    5 Digital Marketing Myths You Need to Stop Believing

    Every digital phenomenon has a tendency to generate ideas that mystify and distort its essence, and digital marketing is no different. From the moment people realized they could promote themselves online, there have been stories about what works, what doesn’t, and...

    Mindbody Branded Web

    MindBody Scheduling system, leading front desk application for Gyms, Studios, Personal Trainers and Yoga Studios. Integrate MindBody on your WordPress web site using MindBody Branded tools. Easily integrate your schedule with your website so clients stay on your site...

    Why you Need SSL to Rank Better and How to Set it

    This time last year we made a list of SEO trends for 2015, mentioning Google’s HTTPS Everywhere initiative as one of the ideas that were to become more important for webmasters in the following years. First announced back in August 2014 at Google’s I/O Conference,...