We’ve said it before, and we’ll say it again: SSL is no longer optional. It’s mandatory. Regardless of what kind of site your customers are running, soon they’ll be penalized by the browser community for not having encryption.
Already, the browsers are rewarding encrypted sites with SEO ranking boosts and the use of advanced features. But soon, non-encrypted sites will be given negative security indicators and actively labeled “not secure” in the address bar.
From January 2017, Google Chrome (version 56 and onwards) will begin marking HTTP sites that transmit passwords or request credit card details as “not secure”.
The move comes as part of a longer term strategy to eventually label all non-HTTPS sites as insecure within Google’s browser, helping users to browse the web more safely.
The current neutral indicator that’s displayed for HTTP connections in Google Chrome doesn’t point out their lack of security. It is possible for someone else on the same network to look at or interfere with a website using an HTTP connection before it reaches you.
Sites that do make use of an HTTPS connection will continue to be labelled with a green padlock icon, marking them as secure. The lack of a secure icon however, is not enough for users to recognize a site as insecure. The new label for HTTP sites will help highlight their insecure nature to users.
The Gradual Plan
Google’s plan to label HTTP sites will include the introduction of indicators gradually:
- Firstly, starting in January 2017 on Chrome 56 – the aforementioned “not secure” label for HTTP sites with password or credit card form fields.
- Subsequent releases – further warnings, for instance, HTTP sites being labelled as “not secure” when users are in Incognito mode, with higher privacy expectations.
- Eventually – all HTTP sites to be labelled as “not secure”, displayed with a red triangle like the current broken HTTPS indicator.
This announcement by Google should act as a warning call to website owners. If you haven’t already, it is now more important than ever to consider switching your site to HTTPS to avoid being flagged as “not secure” in Chrome.
This label could put off potential customers from trusting your site’s content and security, leading them to turn elsewhere for their desired products or services. Along with the fact that a small search engine ranking boost is given to sites that make use of HTTPS, this should provide sufficient reason to make the switch.