For those that don’t know, Chrome is the most popular web browser in the world. And soon Google Chrome will identify and flag sites that don’t serve up secure pages.
Google Chrome is currently at version 59, and version 62 is when the ‘un-secure warnings’ are set to appear. This means we’re just a couple of months away, with the rollout expected in October this year!
This will have a huge, negative affect on websites that don’t make the change to serve up secure pages. Users who see this warning message may choose to leave your site altogether! Worse yet, this will impact trust when it comes to ecommerce transactions. Your unsecure website may make you look like a scam site, and will scare off potential customers!
If you haven’t already done so, make sure your website is configured to serve ALL pages via https. If you don’t, you can expect bad things to happen when the Chrome v62 update rolls out in a few months time.
Firefox maker Mozilla hasn’t yet said whether it will follow Chrome’s new user input warnings, but it also began displaying ‘in-context’ warnings for payment and login pages in January.
One site owner discovered the consequences of not enabling HTTPS on payment and login pages in March, and, amusingly, filed a bug report to Mozilla requesting the warnings be removed.
Chrome 62 will also introduce warnings for all HTTP pages when the user selects Chrome’s Incognito mode.
“When users browse Chrome with Incognito mode, they likely have increased expectations of privacy. However, HTTP browsing is not private to others on the network, so in version 62 Chrome will also warn users when visiting an HTTP page in Incognito mode,” said Schechter
Google hasn’t said how or when it will expand non-secure warnings to more HTTP pages but it will eventually label all HTTP pages insecure. When that happens, it will display ‘Not secure’ in red, which is today only used for broken HTTPS.
The other reason Google is dragging the web towards HTTPS is to support its push for developers to adopt progressive web apps through JavaScript ‘service workers’. These sit between the browser and network to enable offline and background syncing features and require HTTPS to be enabled.
According to Google’s HTTP Transparency Report, over half of all pages are viewed over HTTPS on the desktop. For Chrome OS, 71 percent of pages are loaded over HTTPS, while 58 percent are for Chrome on Windows. While it is becoming more common for sites to enable HTTPS, dozens of the world’s most popular sites still have not.
