Web browsers have long indicated to users that a page is secure with a lock icon or a green https. This little notice helps users understand where their connection is safe and where it is not. In September, Google announced they’re going to be taking this to another level. Not only will they be labeling secure sites, they will now also be labeling sites without an https connection as “not secure” as depicted below.
You might ask why we are writing today about something announced in September. At the end of January, Chrome 56 will officially launch–introducing the new visible notice in the browser bar to website users. While this change is only cosmetic, it has the potential to create a lot of confusion for websites that don’t utilize a secure connection. Users will now explicitly be told that your website, form, or landing page is not secure, and this could discourage users from filling out forms or taking other actions.
Why would Google do this?
Google has been on a mission to make the web more secure. This is not the first announcement of this kind. Google is also including the use of https as a search ranking factor. Forcing website owners to use a secure connection makes the entire web more secure, and makes people more comfortable with interacting online.
Will users really notice?
This first change will be relatively subtle and it is likely some users may not notice the change. This non-https warning will become red in future releases, similar to how a broken SSL displays today. When this occurs it will be very difficult not to notice.
What should I do now to prepare?
If your website does not have an SSL, it is time to get one. There are a number of benefits to having an SSL and the cost for standard SSLs has dropped substantially in the past few years. Don’t wait for this change to be fully implemented. There are already search and security benefits to having an SSL. Contact your web developer and get one installed today.
How do I know if I have an SSL?
Load your website in a browser. Look to see if you have a green lock icon in the address bar. Depending on the web browser you use, you might see a different image, but it should be something along the lines of a green lock, a green https, or the word ‘secure.’ If you don’t see this on your site, make sure to check pages that previously have required an SSL such as a payment form or checkout page. If you do not notice an SSL indicator, it is likely you do not have one. If you are unsure, feel free to reach out and we can help validate this.
I have an SSL but still see the non-secure warning in Chrome.
If you know you pay for an SSL but you’re still seeing the warning, it is likely the SSL is not being used on all pages of your website. A website can have an SSL installed, but optionally not use it. In the past, it was common for developers to only use the https / SSL connection at the point it was required, such as making a payment or logging in. If this is the case for your website, you can reach out to your web developer and ask them to load all pages through a secure connection. If you need assistance we’re happy to help.