Print Print

Chrome to Issue “Not Secure” Warning for HTTP Web Pages

Internet Security

Google Chrome is the most frequently used web browser — in fact, more than half of all website traffic uses it. Increasingly, web traffic has migrated to Hyper Text Transfer Protocol Secure (HTTPS), the secure version of HTTP, which is the communications protocol through which data travels between your browser and the website to which you are connected. The ‘S’ at the end of HTTPS stands for ‘Secure.’ It means all communications between your browser and the website are encrypted.

Today, more than half of Chrome desktop page loads are served over HTTPS. If your website is not already using HTTPS, you will want to pay attention to the following information.

Beginning in October 2017, Chrome (version 62) will issue “NOT SECURE” warnings when users enter text in a form on an HTTP page, as well as for all HTTP pages in Incognito (aka, private browsing) mode. The warning is the next step of Chrome’s long-term plan to mark all pages served over HTTP as “not secure.”

For example, if your site currently is listed as http://firmname.com, visitors accessing your site from Chrome will receive the “not secure” warning when entering text in a form on it. To prevent this from occurring, you will need to acquire a security certificate and migrate your site to HTTPS. A security certificate, also called an SSL certificate, is a small data file that’s used to digitally bind a cryptographic key to an organization’s details. It activates the padlock and the HTTPS protocol when it’s installed on a web server, thereby allowing secure connections from a web server to a browser.

Additionally, to prevent the “not secure” notification from appearing when Chrome users visit your site, only collect user input data on pages served using HTTPS.

This change is part of an effort initiated by Chrome in January to help users browse the web in a more secure manner. Chrome rolled out the first phase of its plan earlier in the year by marking HTTP pages that collect passwords and credit cards as non-secure.

You can learn more about Chrome’s approach to secure connections here.

In the past, Chrome used a neutral indicator for HTTP connections, which means someone else on the network could look at or modify the site. For users browsing Chrome with Incognito mode, this is a significant issue because there has been an even higher expectation of privacy. Going forward, Chrome will eventually show the “not secure” warning for all HTTP pages, including those outside Incognito mode.

For more information, contact Bob Goricki, Skoda Minotti, at (440) 449-6800 or email bgoricki@skodaminotti.com.