Chrome Will Show Security Warnings for HTTP Pages as of October


It’s official, Google has started sending out notices to sites that have not yet migrated over to HTTPS. The email sent out from the Google Search Console urges site owners to migrate over to HTTPS before October 2017. Not doing so will result in visitors to your website receiving a “Not secure” warning when entering any data.

Chrome does already mark HTTP pages as “Not secure” if they have any password or credit card fields on non-HTTPS pages. However, as of Chrome 62 the “Not secure” warning will show in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode. Chrome 62 is scheduled to be released in October 2017.

Treatment of HTTP pages in Chrome 62

What does the warning look like?

In Chrome 62 the “Not secure” warning will only be shown when a user begins entering data into an input field unless they’re in Incognito mode where it will be visible all of the time. I believe this is primarily to soften the initial blow of the new functionality. Eventually not only will the “Not secure” warning display at all times but it will also be coloured red to draw more attention.

Treatment of HTTP pages with user-entered data in Chrome 62

Chrome’s Security Team, Emily Schechter said: “Eventually, we plan to show the “Not secure” warning for all HTTP pages, even outside Incognito mode. We will publish updates as we approach future releases, but don’t wait to get started moving to HTTPS! HTTPS is easier and cheaper than ever before, and it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP.

Does it affect me?

Unless you have a website that doesn’t contain any input fields (search, login/register, newsletter signup and payment forms etc) anywhere then absolutely, but even then, eventually it will probably affect those too, so it’s worth staying ahead of the game and coming up with a plan of action.

The chances are too that it won’t just be Chrome showing these warnings, but all other major browsers will probably bring their software in line with this way of thinking soon after the release of Chrome 62.

I personally feel this is a step in the right direction to improve the security of the web and protecting users information. Migrating over to HTTPS is something that should have already been on the cards for a lot of sites, especially e-commerce (Which should have HTTPS in place from day one), so it’s hopefully not going to be too painful to bring the migration forward a bit.

For more details, see the original blog post over here.

What can Eira Studios do to help?

Need help migrating your website to HTTPS or just need some guidance? Get in touch, with years of experience in migrating sites of all sizes including large e-commerce and business websites over to HTTPS you’re in safe hands.

Leave a comment